{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "rds: tcp: block BH in TCP callbacks\n- kexec: Improve & fix crash_exclude_mem_range() to handle overlapping ranges\n- module: correctly exit module_kallsyms_on_each_symbol when fn() != 0\n- module: potential uninitialized return in module_kallsyms_on_each_symbol()\n- module: use RCU to synchronize find_module\n- kallsyms: refactor {,module_}kallsyms_on_each_symbol\n- LTS tag: v5.4.295\n- scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops\n- arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() {CVE-2025-38320}\n- perf: Fix sample vs do_exit() {CVE-2025-38424}\n- s390/pci: Fix __pcilg_mio_inuser() inline assembly\n- rtc: test: Fix invalid format specifier.\n- jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() {CVE-2025-38337}\n- mm/huge_memory: fix dereferencing invalid pmd migration entry {CVE-2025-37958}\n- rtc: Make rtc_time64_to_tm() support dates before 1970\n- rtc: Improve performance of rtc_time64_to_tm(). Add tests.\n- xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create {CVE-2022-48773}\n- posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() {CVE-2025-38352}\n- ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms\n- ARM: dts: am335x-bone-common: Increase MDIO reset deassert time\n- ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board\n- net: atm: fix /proc/net/atm/lec handling {CVE-2025-38180}\n- net: atm: add lec_mutex {CVE-2025-38323}\n- calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). {CVE-2025-38181}\n- tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer {CVE-2025-38184}\n- tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior\n- atm: atmtcp: Free invalid length skb in atmtcp_c_send(). {CVE-2025-38185}\n- mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). {CVE-2025-38324}\n- wifi: carl9170: do not ping device which has failed to load firmware {CVE-2025-38420}\n- aoe: clean device rq_list in aoedev_downdev() {CVE-2025-38326}\n- hwmon: (occ) fix unaligned accesses\n- drm/nouveau/bl: increase buffer size to avoid truncate warning\n- erofs: remove unused trace event erofs_destroy_inode\n- ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged\n- ALSA: hda/intel: Add Thinkpad E15 to PM deny list\n- Input: sparcspkr - avoid unannotated fall-through\n- HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() {CVE-2025-38103}\n- atm: Revert atm_account_tx() if copy_from_iter_full() fails. {CVE-2025-38190}\n- selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len\n- scsi: s390: zfcp: Ensure synchronous unit_add\n- scsi: storvsc: Increase the timeouts to storvsc_timeout\n- jffs2: check jffs2_prealloc_raw_node_refs() result in few other places {CVE-2025-38328}\n- jffs2: check that raw node were preallocated before writing summary {CVE-2025-38194}\n- drivers/rapidio/rio_cm.c: prevent possible heap overwrite {CVE-2025-38090}\n- powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery\n- platform/x86: dell_rbu: Stop overwriting data buffer\n- platform: Add Surface platform directory\n- Revert \"bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first\"\n- tee: Prevent size calculation wraparound on 32-bit kernels\n- ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY\n- bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value\n- watchdog: da9052_wdt: respect TWDMIN\n- i40e: fix MMIO write access to an invalid page in i40e_clear_hw {CVE-2025-38200}\n- sock: Correct error checking condition for (assign|release)_proto_idx()\n- scsi: lpfc: Use memcpy() for BIOS version {CVE-2025-38332}\n- vxlan: Do not treat dst cache initialization errors as fatal\n- clk: rockchip: rk3036: mark ddrphy as critical\n- wifi: mac80211: do not offer a mesh path if forwarding is disabled\n- net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info\n- pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get()\n- pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction()\n- pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction()\n- pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name()\n- ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT\n- tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows\n- tcp: always seek for minimal rtt in tcp_rcv_rtt_update()\n- net: dlink: add synchronization for stats update\n- sctp: Do not wake readers in __sctp_write_space()\n- emulex/benet: correct command version selection in be_cmd_get_stats()\n- i2c: designware: Invoke runtime suspend on quick slave re-registration\n- net: macb: Check return value of dma_set_mask_and_coherent()\n- cpufreq: Force sync policy boost with global boost on sysfs update\n- nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults\n- media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() {CVE-2025-38237}\n- media: tc358743: ignore video while HPD is low\n- drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB\n- jfs: Fix null-ptr-deref in jfs_ioc_trim {CVE-2025-38203}\n- drm/amdgpu/gfx9: fix CSIB handling\n- drm/amdgpu/gfx8: fix CSIB handling\n- jfs: fix array-index-out-of-bounds read in add_missing_indices {CVE-2025-38204}\n- drm/amdgpu/gfx7: fix CSIB handling\n- drm/amdgpu/gfx10: fix CSIB handling\n- drm/msm/a6xx: Increase HFI response timeout\n- drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit()\n- media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition\n- drm/msm/hdmi: add runtime PM calls to DDC transfer function\n- drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq()\n- sunrpc: update nextcheck time when adding new cache entries\n- drm/amdgpu/gfx6: fix CSIB handling\n- ACPI: battery: negate current when discharging\n- PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn()\n- power: supply: bq27xxx: Retrieve again when busy\n- ACPICA: fix acpi parse and parseext cache leaks {CVE-2025-38344}\n- ACPICA: Avoid sequence overread in call to strncmp()\n- ACPICA: fix acpi operand cache leak in dswstate.c {CVE-2025-38345}\n- iio: adc: ad7606_spi: fix reg write value mask\n- PCI: Fix lock symmetry in pci_slot_unlock()\n- PCI: Add ACS quirk for Loongson PCIe\n- uio_hv_generic: Use correct size for interrupt and monitor pages\n- regulator: max14577: Add error check for max14577_read_reg()\n- mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS\n- staging: iio: ad5933: Correct settling cycles encoding per datasheet\n- net: ch9200: fix uninitialised access during mii_nway_restart {CVE-2025-38086}\n- ftrace: Fix UAF when lookup kallsym after ftrace disabled {CVE-2025-38346}\n- dm-mirror: fix a tiny race condition\n- mtd: nand: sunxi: Add randomizer configuration before randomizer enable\n- mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk\n- mm: fix ratelimit_pages update error in dirty_ratio_handler()\n- ipc: fix to protect IPCS lookups using RCU {CVE-2025-38212}\n- parisc: fix building with gcc-15\n- vgacon: Add check for vc_origin address range in vgacon_scroll() {CVE-2025-38213}\n- fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var {CVE-2025-38214}\n- EDAC/altera: Use correct write width with the INTTEST register\n- NFC: nci: uart: Set tty->disc_data only in success path {CVE-2025-38416}\n- f2fs: prevent kernel warning due to negative i_nlink from corrupted image {CVE-2025-38219}\n- Input: ims-pcu - check record size in ims_pcu_flash_firmware() {CVE-2025-38428}\n- ext4: fix calculation of credits for extent tree modification\n- ext4: inline: fix len overflow in ext4_prepare_inline_data {CVE-2025-38222}\n- bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device\n- ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 {CVE-2025-38336}\n- ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap()\n- media: v4l2-dev: fix error handling in __video_register_device()\n- media: gspca: Add error handling for stv06xx_read_sensor()\n- wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723\n- nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request {CVE-2025-38430}\n- wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() {CVE-2025-38348}\n- gfs2: move msleep to sleepable context\n- configfs: Do not override creating attribute file failure in populate_attrs()\n- net: usb: aqc111: debug info before sanitation\n- calipso: unlock rcu before returning -EAFNOSUPPORT\n- xen/arm: call uaccess_ttbr0_enable for dm_op hypercall\n- usb: Flush altsetting 0 endpoints before reinitializating them after reset.\n- fs/filesystems: Fix potential unsigned integer underflow in fs_name()\n- net/mdiobus: Fix potential out-of-bounds read/write access {CVE-2025-38111}\n- drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for clang\n- drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang\n- MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option\n- x86/boot/compressed: prefer cc-option for CFLAGS additions\n- net: mdio: C22 is now optional, EOPNOTSUPP if not provided\n- net_sched: tbf: fix a race in tbf_change()\n- net_sched: red: fix a race in __red_change() {CVE-2025-38108}\n- net_sched: prio: fix a race in prio_tune() {CVE-2025-38083}\n- net/mlx5: Fix return value when searching for existing flow group\n- net/mlx5: Wait for inactive autogroups\n- i40e: retry VFLR handling if there is ongoing VF reset\n- i40e: return false from i40e_reset_vf if reset is in progress\n- net_sched: sch_sfq: fix a potential crash on gso_skb handling {CVE-2025-38115}\n- scsi: iscsi: Fix incorrect error path labels for flashnode operations\n- NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes {CVE-2022-48829}\n- NFSD: Fix ia_size underflow {CVE-2022-48828}\n- Input: synaptics-rmi - fix crash with unsupported versions of F34\n- Input: synaptics-rmi4 - convert to use sysfs_emit() APIs\n- pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id()\n- do_change_type(): refuse to operate on unmounted/not ours mounts {CVE-2025-38498}\n- ice: create new Tx scheduler nodes for new queues only\n- Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION\n- net/mlx4_en: Prevent potential integer overflow calculating Hz\n- vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl()\n- serial: Fix potential null-ptr-deref in mlb_usio_probe() {CVE-2025-38135}\n- usb: renesas_usbhs: Reorder clock handling and power management in probe {CVE-2025-38136}\n- rtc: Fix offset calculation for .start_secs < 0\n- rtc: sh: assign correct interrupts with DT\n- perf record: Fix incorrect --user-regs comments\n- perf tests switch-tracking: Fix timestamp comparison\n- mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE\n- mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove()\n- rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send()\n- perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3\n- perf ui browser hists: Set actions->thread before calling do_zoom_thread()\n- fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() {CVE-2025-38312}\n- soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() {CVE-2025-38145}\n- soc: aspeed: lpc: Fix impossible judgment condition\n- arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou\n- ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device\n- bus: fsl-mc: fix double-free on mc_dev {CVE-2025-38313}\n- nilfs2: do not propagate ENOENT error from nilfs_btree_propagate()\n- nilfs2: add pointer check for nilfs_direct_propagate()\n- Squashfs: check return result of sb_min_blocksize {CVE-2025-38415}\n- ARM: dts: at91: at91sam9263: fix NAND chip selects\n- ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select\n- f2fs: fix to correct check conditions in f2fs_cross_rename\n- f2fs: use d_inode(dentry) cleanup dentry->d_inode\n- calipso: Don't call calipso functions for AF_INET sk. {CVE-2025-38147}\n- net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy\n- net: usb: aqc111: fix error handling of usbnet read calls {CVE-2025-38153}\n- netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy\n- wifi: ath9k_htc: Abort software beacon handling if disabled {CVE-2025-38157}\n- bpf: Fix WARN() in get_bpf_raw_tp_regs {CVE-2025-38285}\n- pinctrl: at91: Fix possible out-of-boundary access {CVE-2025-38286}\n- ktls, sockmap: Fix missing uncharge operation\n- netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it\n- f2fs: clean up w/ fscrypt_is_bounce_page()\n- RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h\n- wifi: rtw88: do not ignore hardware read error during DPK\n- net: ncsi: Fix GCPS 64-bit member variables\n- f2fs: fix to do sanity check on sbi->total_valid_block_count {CVE-2025-38163}\n- drm/tegra: rgb: Fix the unbound reference count\n- drm/vkms: Adjust vkms_state->active_planes allocation type\n- drm: rcar-du: Fix memory leak in rcar_du_vsps_init()\n- selftests/seccomp: fix syscall_restart test for arm compat\n- firmware: psci: Fix refcount leak in psci_dt_init\n- m68k: mac: Fix macintosh_config for Mac II\n- drm/vmwgfx: Add seqno waiter for sync_files\n- spi: sh-msiof: Fix maximum DMA transfer size\n- ACPI: OSI: Stop advertising support for \"3.0 _SCP Extensions\"\n- x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges()\n- PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks()\n- EDAC/skx_common: Fix general protection fault {CVE-2025-38298}\n- crypto: marvell/cesa - Avoid empty transfer descriptor\n- crypto: marvell/cesa - Handle zero-length skcipher requests {CVE-2025-38173}\n- x86/cpu: Sanitize CPUID(0x80000000) output\n- perf/core: Fix broken throttling when max_samples_per_tick=1\n- gfs2: gfs2_create_inode error handling fix\n- netfilter: nft_socket: fix sk refcount leaks {CVE-2024-46855}\n- thunderbolt: Do not double dequeue a configuration request {CVE-2025-38174}\n- usb: usbtmc: Fix timeout value in get_stb\n- usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device\n- usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE\n- pinctrl: armada-37xx: set GPIO output value before setting direction\n- pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31\n- net/mlx5: Add poll-eq API to be used by ULP's\n- net/rds: poll eq during user-reset\n- perf: Fix perf_event_validate_size() lockdep splat {CVE-2023-6931}\n- perf: Fix perf_event_validate_size() {CVE-2023-6931}\n- net/mlx5: set graceful_period to 0 to allow multiple transmission queue recovery\n- pwm: mediatek: Ensure to disable clocks in error path\n- Revert \"mmc: sdhci: Disable SD card clock before changing parameters\"\n- net/sched: Always pass notifications when child class becomes empty {CVE-2025-38350}\n- x86/bpf: Classic BPF program can fail when BHB barrier is used\n- Add Zen34 clients {CVE-2024-36350}\n- x86/process: Move the buffer clearing before MONITOR {CVE-2024-36350}\n- KVM: SVM: Advertize TSA CPUID bits to guests {CVE-2024-36350}\n- x86/bugs: Add a Transient Scheduler Attacks mitigation {CVE-2024-36350}\n- KVM: x86: add support for CPUID leaf 0x80000021 {CVE-2024-36350}\n- x86/bugs: Rename MDS machinery to something more generic {CVE-2024-36350}\n- x86/CPU/AMD: Add ZenX generations flags {CVE-2024-36350}\n- x86/bugs: Free X86_BUG_AMD_APIC_C1E and X86_BUG_AMD_E400 bits {CVE-2024-36350}\n- Revert \"x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2\" on v6.6 and older\n- tracing: Fix compilation warning on arm32\n- PM: sleep: Fix power.is_suspended cleanup for direct-complete devices\n- LTS tag: v5.4.294\n- platform/x86: thinkpad_acpi: Ignore battery threshold change event notification\n- platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys\n- spi: spi-sun4i: fix early activation\n- um: let 'make clean' properly clean underlying SUBARCH as well\n- platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS\n- nfs: don't share pNFS DS connections between net namespaces\n- HID: quirks: Add ADATA XPG alpha wireless mouse support\n- coredump: hand a pidfd to the usermode coredump helper\n- fork: use pidfd_prepare()\n- pid: add pidfd_prepare()\n- pidfd: check pid has attached task in fdinfo\n- coredump: fix error handling for replace_fd()\n- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice {CVE-2025-38001}\n- smb: client: Reset all search buffer pointers when releasing buffer\n- smb: client: Fix use-after-free in cifs_fill_dirent {CVE-2025-38051}\n- drm/i915/gvt: fix unterminated-string-initialization warning\n- netfilter: nf_tables: do not defer rule destruction via call_rcu {CVE-2024-56655}\n- netfilter: nf_tables: wait for rcu grace period on net_device removal {CVE-2024-56655}\n- netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx\n- kbuild: Disable -Wdefault-const-init-unsafe\n- spi: spi-fsl-dspi: restrict register range for regmap access\n- mm/page_alloc.c: avoid infinite retries caused by cpuset race\n- drm/edid: fixed the bug that hdr metadata was not reset\n- llc: fix data loss when reading from a socket in llc_ui_recvmsg()\n- ALSA: pcm: Fix race of buffer access at PCM OSS layer {CVE-2025-38078}\n- can: bcm: add missing rcu read protection for procfs content {CVE-2025-38003}\n- can: bcm: add locking for bcm_op runtime updates {CVE-2025-38004}\n- crypto: algif_hash - fix double free in hash_accept {CVE-2025-38079}\n- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() {CVE-2025-38000}\n- net: dwmac-sun8i: Use parsed internal PHY address instead of 1\n- bridge: netfilter: Fix forwarding of fragmented packets\n- xfrm: Sanitize marks before insert\n- __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock {CVE-2025-38058}\n- xenbus: Allow PVH dom0 a non-local xenstore\n- btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref {CVE-2025-38034}\n- nvmet-tcp: don't restore null sk_state_change {CVE-2025-38035}\n- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013\n- pinctrl: meson: define the pull up/down resistor value as 60 kOhm\n- drm: Add valid clones check\n- drm/atomic: clarify the rules around drm_atomic_state->allow_modeset\n- regulator: ad5398: Add device tree support\n- wifi: rtw88: Don't use static local variable in rtw8822b_set_tx_power_index_by_rate\n- bpftool: Fix readlink usage in get_fd_type\n- HID: usbkbd: Fix the bit shift number for LED_KANA\n- scsi: st: Restore some drive settings after reset\n- scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine\n- rcu: fix header guard for rcu_all_qs()\n- rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y\n- vxlan: Annotate FDB data races {CVE-2025-38037}\n- hwmon: (xgene-hwmon) use appropriate type for the latency value\n- ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure().\n- net/mlx5e: reduce rep rxq depth to 256 for ECPF\n- net/mlx5e: set the tx_queue_len for pfifo_fast\n- net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB\n- phy: core: don't require set_mode() callback for phy_get_mode() to work\n- net/mlx4_core: Avoid impossible mlx4_db_alloc() order value\n- smack: recognize ipv4 CIPSO w/o categories\n- pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map\n- ASoC: ops: Enforce platform maximum on initial value\n- net/mlx5: Apply rate-limiting to high temperature warning\n- net/mlx5: Modify LSB bitmask in temperature event to include only the first bit\n- ACPI: HED: Always initialize before evged\n- PCI: Fix old_size lower bound in calculate_iosize() too\n- EDAC/ie31200: work around false positive build warning\n- net: pktgen: fix access outside of user given buffer in pktgen_thread_write() {CVE-2025-38061}\n- wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU\n- scsi: mpt3sas: Send a diag reset if target reset fails\n- MIPS: pm-cps: Use per-CPU variables as per-CPU, not per-core\n- MIPS: Use arch specific syscall name match function\n- cpuidle: menu: Avoid discarding useful information\n- x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus()\n- bonding: report duplicate MAC address in all situations\n- net: xgene-v2: remove incorrect ACPI_PTR annotation\n- drm/amdkfd: KFD release_work possible circular locking\n- net/mlx5: Avoid report two health errors on same syndrome\n- fpga: altera-cvp: Increase credit timeout\n- drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence\n- hwmon: (gpio-fan) Add missing mutex locks\n- x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2\n- net: pktgen: fix mpls maximum labels list parsing\n- pinctrl: bcm281xx: Use \"unsigned int\" instead of bare \"unsigned\"\n- media: cx231xx: set device_caps for 417 {CVE-2025-38044}\n- orangefs: Do not truncate file size {CVE-2025-38065}\n- dm cache: prevent BUG_ON by blocking retries on failed device resumes {CVE-2025-38066}\n- media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe()\n- ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114\n- ieee802154: ca8210: Use proper setters and getters for bitwise types\n- rtc: ds1307: stop disabling alarms on probe\n- powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7\n- mmc: sdhci: Disable SD card clock before changing parameters\n- netfilter: conntrack: Bound nf_conntrack sysctl writes\n- posix-timers: Add cond_resched() to posix_timer_add() search loop\n- xen: Add support for XenServer 6.1 platform device {CVE-2025-38046}\n- dm: restrict dm device size to 2^63-512 bytes\n- kbuild: fix argument parsing in scripts/config\n- scsi: st: ERASE does not change tape location\n- scsi: st: Tighten the page format heuristics with MODE SELECT\n- ext4: reorder capability check last\n- um: Update min_low_pfn to match changes in uml_reserved\n- um: Store full CSGSFS and SS register from mcontext\n- btrfs: send: return -ENAMETOOLONG when attempting a path that is too long\n- btrfs: avoid linker error in btrfs_find_create_tree_block()\n- i2c: pxa: fix call balance of i2c->clk handling routines\n- mmc: host: Wait for Vdd to settle on card power off\n- libnvdimm/labels: Fix divide error in nd_label_data_init() {CVE-2025-38072}\n- pNFS/flexfiles: Report ENETDOWN as a connection error\n- tools/build: Don't pass test log files to linker\n- dql: Fix dql->limit value when reset.\n- SUNRPC: rpc_clnt_set_transport() must not change the autobind setting\n- NFSv4: Treat ENETUNREACH errors as fatal for state recovery\n- fbdev: core: tileblit: Implement missing margin clearing for tileblit\n- fbdev: fsl-diu-fb: add missing device_remove_file()\n- mailbox: use error ret code of of_parse_phandle_with_args()\n- kconfig: merge_config: use an empty file as initfile\n- cgroup: Fix compilation issue due to cgroup_mutex not being exported\n- dma-mapping: avoid potential unused data compilation warning\n- scsi: target: iscsi: Fix timeout on deleted connection {CVE-2025-38075}\n- openvswitch: Fix unsafe attribute parsing in output_userspace() {CVE-2025-37998}\n- Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5\n- Input: synaptics - enable SMBus for HP Elitebook 850 G1\n- clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable()\n- phy: renesas: rcar-gen3-usb2: Set timing registers only once\n- phy: Fix error handling in tegra_xusb_port_init\n- ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2()\n- NFSv4/pnfs: Reset the layout state after a layoutreturn\n- NFSv4/pnfs: pnfs_set_layout_stateid() should update the layout cred\n- qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd()\n- ALSA: sh: SND_AICA should depend on SH_DMA_API\n- net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING\n- spi: loopback-test: Do not split 1024-byte hexdumps\n- nfs: handle failure of nfs_get_lock_context in unlock path {CVE-2025-38023}\n- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug {CVE-2025-38024}\n- iio: chemical: sps30: use aligned_s64 for timestamp\n- iio: adc: ad7768-1: Fix insufficient alignment of timestamp.\n- staging: axis-fifo: Correct handling of tx_fifo_depth for size validation\n- staging: axis-fifo: avoid parsing ignored device tree properties\n- staging: axis-fifo: Remove hardware resets for user errors\n- staging: axis-fifo: replace spinlock with mutex\n- platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection\n- do_umount(): add missing barrier before refcount checks in sync case\n- MIPS: Fix MAX_REG_OFFSET\n- iio: adc: dln2: Use aligned_s64 for timestamp\n- types: Complement the aligned types with signed 64-bit one\n- usb: usbtmc: Fix erroneous generic_read ioctl return\n- usb: usbtmc: Fix erroneous wait_srq ioctl return\n- usb: usbtmc: Fix erroneous get_stb ioctl error returns\n- USB: usbtmc: use interruptible sleep in usbtmc_read\n- usb: typec: ucsi: displayport: Fix NULL pointer access {CVE-2025-37994}\n- usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition\n- ocfs2: stop quota recovery before disabling quotas\n- ocfs2: implement handshaking with ocfs2 recovery thread\n- ocfs2: switch osb->disable_recovery to enum\n- module: ensure that kobject_put() is safe for module type kobjects {CVE-2025-37995}\n- xenbus: Use kref to track req lifetime {CVE-2025-37949}\n- usb: uhci-platform: Make the clock really optional\n- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo {CVE-2025-37969}\n- iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo {CVE-2025-37970}\n- iio: adis16201: Correct inclinometer channel resolution\n- iio: adc: ad7606: fix serial register access\n- staging: iio: adc: ad7816: Correct conditional logic for store mode\n- Input: synaptics - enable InterTouch on Dell Precision M3800\n- Input: synaptics - enable InterTouch on Dynabook Portege X30L-G\n- Input: synaptics - enable InterTouch on Dynabook Portege X30-D\n- net: dsa: b53: fix learning on VLAN unaware bridges\n- netfilter: ipset: fix region locking in hash types {CVE-2025-37997}\n- sch_htb: make htb_deactivate() idempotent {CVE-2025-37953}\n- dm: fix copying after src array boundaries {CVE-2025-37902}\n- iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid {CVE-2025-37927}\n- arm64: dts: rockchip: fix iface clock-name on px30 iommus\n- usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling\n- usb: chipidea: ci_hdrc_imx: use dev_err_probe()\n- usb: chipidea: imx: refine the error handling for hsic\n- usb: chipidea: imx: change hsic power regulator as optional\n- irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() {CVE-2025-37819}\n- irqchip/gic-v2m: Mark a few functions __init\n- irqchip/gic-v2m: Add const to of_device_id\n- sch_htb: make htb_qlen_notify() idempotent {CVE-2025-37953}\n- of: module: add buffer overflow check in of_modalias() {CVE-2024-38541}\n- PCI: imx6: Skip controller_id generation logic for i.MX7D\n- net: fec: ERR007885 Workaround for conventional TX\n- net: lan743x: Fix memleak issue when GSO enabled {CVE-2025-37909}\n- lan743x: fix endianness when accessing descriptors\n- lan743x: remove redundant initialization of variable current_head_index\n- nvme-tcp: fix premature queue removal and I/O failover\n- net: dlink: Correct endianness handling of led_mode\n- net_sched: qfq: Fix double list add in class with netem as child qdisc {CVE-2025-37913}\n- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc {CVE-2025-37890}\n- net_sched: drr: Fix double list add in class with netem as child qdisc {CVE-2025-37915}\n- net/mlx5: E-Switch, Initialize MAC Address for Default GID\n- tracing: Fix oob write in trace_seq_to_buffer() {CVE-2025-37923}\n- dm: always update the array size in realloc_argv on success {CVE-2025-37902}\n- dm-integrity: fix a warning on invalid table line\n- wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() {CVE-2025-37990}\n- amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload\n- parisc: Fix double SIGFPE crash {CVE-2025-37991}\n- i2c: imx-lpi2c: Fix clock count when probe defers\n- EDAC/altera: Set DDR and SDMMC interrupt mask before registration\n- EDAC/altera: Test the correct error reg offset\n- scsi: qedf: Wait for stag work during unload\n- scsi: qedf: Don't process stag work during unload and recovery\n- rds: ib: Add cm_id generation scheme in order to detect new ones\n- x86/its: BPF can crash in bpf_jit_comp.c when ITS is enabled\n- shmem: add support to ignore swap\n- shmem: update documentation\n- mm: hold the source mmap write lock when copying PTEs\n- mm: do not write protect COW mappings when preserving across exec\n- mm: differentiate copying PTEs for preservation from copying for fork\n- mm/fork: Pass new vma pointer into copy_page_range()\n- xen/swiotlb: relax alignment requirements\n- Reapply \"xen/swiotlb: add alignment check for dma buffers\"\n- dmaengine: Revert \"dmaengine: dmatest: Fix dmatest waiting less when interrupted\"\n- nvme: unblock ctrl state transition for firmware update\n- memcg: always call cond_resched() after fn()\n- ACPI: PPTT: Fix processor subtable walk\n- LTS tag: v5.4.293\n- MIPS: cm: Fix warning if MIPS_CM is disabled\n- crypto: atmel-sha204a - Set hwrng quality to lowest possible\n- comedi: jr3_pci: Fix synchronous deletion of timer\n- md/raid1: Add check for missing source disk in process_checks()\n- scsi: pm80xx: Set phy_attached to zero when device is gone\n- ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls\n- selftests: ublk: fix test_stripe_04\n- udmabuf: fix a buf size overflow issue during udmabuf creation {CVE-2025-37803}\n- KVM: s390: Don't use %pK through tracepoints\n- sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP\n- ntb: reduce stack usage in idt_scan_mws\n- qibfs: fix _another_ leak {CVE-2025-37983}\n- usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() {CVE-2025-37881}\n- dmaengine: dmatest: Fix dmatest waiting less when interrupted\n- usb: host: max3421-hcd: Add missing spi_device_id table\n- parisc: PDT: Fix missing prototype warning\n- clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec()\n- crypto: null - Use spin lock instead of mutex {CVE-2025-37808}\n- MIPS: cm: Detect CM quirks from device tree\n- USB: VLI disk crashes if LPM is used\n- usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive\n- usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive\n- usb: dwc3: gadget: check that event count does not exceed event buffer length {CVE-2025-37810}\n- USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02)\n- usb: cdns3: Fix deadlock when using NCM gadget {CVE-2025-37812}\n- USB: serial: simple: add OWON HDS200 series oscilloscope support\n- USB: serial: option: add Sierra Wireless EM9291\n- USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe\n- serial: sifive: lock port in startup()/shutdown() callbacks\n- USB: storage: quirk for ADATA Portable HDD CH94\n- mcb: fix a double free bug in chameleon_parse_gdd() {CVE-2025-37817}\n- virtio_console: fix missing byte order handling for cols and rows\n- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too {CVE-2025-37823}\n- net_sched: hfsc: Fix a UAF vulnerability in class handling {CVE-2025-37797}\n- tipc: fix NULL pointer dereference in tipc_mon_reinit_self() {CVE-2025-37824}\n- net: phy: leds: fix memory leak {CVE-2025-37989}\n- cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() {CVE-2025-37829}\n- drm/amd/pm: Prevent division by zero {CVE-2025-37766}\n- misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error\n- misc: pci_endpoint_test: Use INTX instead of LEGACY\n- PCI: Rename PCI_IRQ_LEGACY to PCI_IRQ_INTX\n- iio: adc: ad7768-1: Fix conversion result sign\n- iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check\n- net: dsa: mv88e6xxx: fix VTU methods for 6320 family\n- media: vim2m: print device name after registering device\n- ext4: fix OOB read when checking dotdot dir {CVE-2025-37785}\n- ext4: optimize __ext4_check_dir_entry()\n- ext4: don't over-report free space or inodes in statvfs\n- ext4: code cleanup for ext4_statfs_project()\n- ext4: simplify checking quota limits in ext4_statfs()\n- platform/x86: ISST: Correct command storage data length\n- MIPS: ds1287: Match ds1287_set_base_clock() function types\n- MIPS: cevt-ds1287: Add missing ds1287.h include\n- MIPS: dec: Declare which_prom() as static\n- virtio-net: Add validation for used length {CVE-2021-47352}\n- RDMA/srpt: Support specifying the srpt_service_guid parameter {CVE-2024-26744}\n- openvswitch: fix lockup on tx to unregistering netdev with carrier {CVE-2025-21681}\n- net: openvswitch: fix race on port output {CVE-2025-21681}\n- mmc: cqhci: Fix checking of CQHCI_HALT state\n- nvmet-fc: Remove unused functions\n- usb: dwc3: support continuous runtime PM with dual role\n- misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type\n- misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error {CVE-2025-23140}\n- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). {CVE-2024-50154}\n- powerpc/prom_init: Use -ffreestanding to avoid a reference to bcmp\n- kbuild: Add '-fno-builtin-wcslen'\n- cpufreq: Reference count policy in cpufreq_update_limits()\n- drm/sti: remove duplicate object names\n- drm/nouveau: prime: fix ttm_bo_delayed_delete oops {CVE-2025-37765}\n- drm/repaper: fix integer overflows in repeat functions\n- module: sign with sha512 instead of sha1 by default\n- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR\n- perf/x86/intel: Allow to update user space GPRs from PEBS records\n- virtiofs: add filesystem context source name check {CVE-2025-37773}\n- riscv: Avoid fortify warning in syscall_get_arguments()\n- isofs: Prevent the use of too small fid {CVE-2025-37780}\n- i2c: cros-ec-tunnel: defer probe if parent EC is not present {CVE-2025-37781}\n- hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key {CVE-2025-37782}\n- btrfs: correctly escape subvol in btrfs_show_options()\n- nfs: add missing selections of CONFIG_CRC32\n- nfs: move nfs_fhandle_hash to common include file\n- NFSD: Constify @fh argument of knfsd_fh_hash()\n- asus-laptop: Fix an uninitialized variable\n- writeback: fix false warning in inode_to_wb()\n- net: b53: enable BPDU reception for management port\n- net: openvswitch: fix nested key length validation in the set() action {CVE-2025-37789}\n- Revert \"wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()\" {CVE-2025-37795}\n- Bluetooth: btrtl: Prevent potential NULL dereference {CVE-2025-37792}\n- Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address\n- RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe()\n- scsi: iscsi: Fix missing scsi_host_put() in error path\n- wifi: wl1251: fix memory leak in wl1251_tx_work {CVE-2025-37982}\n- wifi: mac80211: Purge vif txq in ieee80211_do_stop() {CVE-2025-37794}\n- wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() {CVE-2025-37795}\n- wifi: at76c50x: fix use after free access in at76_disconnect {CVE-2025-37796}\n- HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition {CVE-2025-37838}\n- pwm: mediatek: always use bus clock for PWM on MT7622\n- Bluetooth: hci_uart: Fix another race during initialization {CVE-2025-23139}\n- x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions()\n- PCI: Fix reference leak in pci_alloc_child_bus()\n- of/irq: Fix device node refcount leakages in of_irq_init()\n- of/irq: Fix device node refcount leakage in API irq_of_parse_and_map()\n- of/irq: Fix device node refcount leakages in of_irq_count()\n- ntb: use 64-bit arithmetic for the MSI doorbell mask\n- gpio: zynq: Fix wakeup source leaks on device unbind\n- ftrace: Add cond_resched() to ftrace_graph_set_hash() {CVE-2025-37940}\n- dm-integrity: set ti->error on memory allocation failure\n- crypto: ccp - Fix check for the primary ASP device\n- thermal/drivers/rockchip: Add missing rk3328 mapping entry\n- sctp: detect and prevent references to a freed transport in sendmsg {CVE-2025-23142}\n- mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock\n- sparc/mm: disable preemption in lazy mmu mode\n- arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string\n- mtd: rawnand: Add status chack in r852_ready()\n- mtd: inftlcore: Add error check for inftl_read_oob() {CVE-2025-37892}\n- lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets\n- locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class()\n- jbd2: remove wrong sb->s_sequence check {CVE-2025-37839}\n- i3c: Add NULL pointer check in i3c_master_queue_ibi() {CVE-2025-23147}\n- ext4: fix off-by-one error in do_split {CVE-2025-23150}\n- wifi: mac80211: fix integer overflow in hwmp_route_info_get()\n- net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family\n- media: venus: hfi_parser: add check to avoid out of bound access {CVE-2025-23157}\n- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO\n- media: i2c: ov7251: Set enable GPIO low in probe\n- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf()\n- media: streamzap: prevent processing IR data on URB failure\n- mtd: rawnand: brcmnand: fix PM resume warning {CVE-2025-37840}\n- arm64: cputype: Add MIDR_CORTEX_A76AE\n- xenfs/xensyms: respect hypervisor's \"next\" indication\n- media: siano: Fix error handling in smsdvb_module_init()\n- media: venus: hfi: add check to handle incorrect queue size {CVE-2025-23158}\n- media: venus: hfi: add a check to handle OOB in sfr region {CVE-2025-23159}\n- media: i2c: adv748x: Fix test pattern selection mask\n- ext4: don't treat fhandle lookup of ea_inode as FS corruption\n- ext4: reject casefold inode flag without casefold feature\n- bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags\n- bpf: Add endian modifiers to fix endian warnings\n- pwm: fsl-ftm: Handle clk_get_rate() returning 0\n- pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() {CVE-2025-37850}\n- pwm: mediatek: Always use bus clock\n- fbdev: omapfb: Add 'plane' value check {CVE-2025-37851}\n- drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off\n- drm/amdkfd: Fix pqm_destroy_queue race with GPU reset\n- drm/amdkfd: clamp queue size to minimum\n- drm: panel-orientation-quirks: Add new quirk for GPD Win 2\n- drm: panel-orientation-quirks: Add support for AYANEO 2S\n- drm: allow encoder mode_set even when connectors change for crtc\n- Bluetooth: hci_uart: fix race during initialization {CVE-2025-23139}\n- tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER\n- net: vlan: don't propagate flags on open {CVE-2025-23163}\n- wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table\n- scsi: st: Fix array overflow in st_setup() {CVE-2025-37857}\n- ext4: ignore xattrs past end {CVE-2025-37738}\n- ext4: protect ext4_release_dquot against freezing\n- ahci: add PCI ID for Marvell 88SE9215 SATA Controller\n- ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode\n- jfs: add sanity check for agwidth in dbMount {CVE-2025-37740}\n- jfs: Prevent copying of nlink with value 0 from disk inode {CVE-2025-37741}\n- fs/jfs: Prevent integer overflow in AG size calculation {CVE-2025-37858}\n- fs/jfs: cast inactags to s64 to prevent potential overflow\n- page_pool: avoid infinite loop to schedule delayed worker {CVE-2025-37859}\n- ALSA: usb-audio: Fix CME quirk for UF series keyboards\n- ALSA: hda: intel: Fix Optimus when GPU has no sound\n- HID: pidff: Fix null pointer dereference in pidff_find_fields {CVE-2025-37862}\n- HID: pidff: Do not send effect envelope if it's empty\n- HID: pidff: Convert infinite length from Linux API to PID standard\n- xen/mcelog: Add __nonstring annotations for unterminated strings\n- perf: arm_pmu: Don't disable counter in armpmu_add()\n- x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine\n- pm: cpupower: bench: Prevent NULL dereference on malloc failure {CVE-2025-37841}\n- net: ppp: Add bound checking for skb data on ppp_sync_txmung {CVE-2025-37749}\n- ata: sata_sx4: Add error handling in pdc20621_i2c_read()\n- ata: sata_sx4: Drop pointless VPRINTK() calls and convert the remaining ones\n- tipc: fix memory leak in tipc_link_xmit {CVE-2025-37757}\n- ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() {CVE-2025-37758}\n- x86/bhi: Do not set BHI_DIS_S in 32-bit mode\n- x86/bpf: Add IBHF call at end of classic BPF\n- x86/bpf: Call branch history clearing sequence on exit\n- certs: Reference revocation list for all keyrings\n- RDS: use get_user_pages_fast() in rdma_pin_pages()\n- x86/bugs: Enabling Retbleed and SRSO mitigation can taint the kernel\n- selftest/x86/bugs: Add selftests for ITS {CVE-2024-28956}\n- x86/its: Align RETs in BHB clear sequence to avoid thunking {CVE-2024-28956}\n- x86/its: Add \"vmexit\" option to skip mitigation on some CPUs {CVE-2024-28956}\n- x86/its: Enable Indirect Target Selection mitigation {CVE-2024-28956}\n- x86/its: Add support for ITS-safe return thunk {CVE-2024-28956}\n- x86/its: Add support for ITS-safe indirect thunk {CVE-2024-28956}\n- x86/its: Enumerate Indirect Target Selection (ITS) bug {CVE-2024-28956}\n- Documentation: x86/bugs/its: Add ITS documentation {CVE-2024-28956}\n- certs: Add new Oracle Linux Driver Signing (key 1) certificate\n- net/mlx5e: Don't call cleanup on profile rollback failure {CVE-2024-50146}\n- net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() {CVE-2024-50000}\n- net/mlx5: Fix error path in multi-packet WQE transmit {CVE-2024-50001}\n- net/mlx5: Discard command completions in internal error {CVE-2024-38555}\n- net/mlx5e: fix a potential double-free in fs_any_create_groups {CVE-2023-52667}\n- net/mlx5: Reclaim max 50K pages at once\n- LTS tag: v5.4.292\n- jfs: add index corruption check to DT_GETPAGE()\n- tracing: Fix use-after-free in print_graph_function_flags during tracer switching {CVE-2025-22035}\n- mmc: sdhci-pxav3: set NEED_RSP_BUSY capability\n- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP\n- x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs {CVE-2025-22045}\n- x86/tsc: Always save/restore TSC sched_clock() on suspend/resume\n- ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk()\n- can: flexcan: only change CAN state when link up in system PM\n- arcnet: Add NULL check in com20020pci_probe() {CVE-2025-22054}\n- net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy\n- ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS\n- vsock: avoid timeout during connect() if the socket is closing\n- net_sched: skbprio: Remove overly strict queue assertions {CVE-2025-38637}\n- netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets {CVE-2025-22063}\n- ntb: intel: Fix using link status DB's\n- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans {CVE-2023-53034}\n- spufs: fix a leak in spufs_create_context() {CVE-2025-22071}\n- spufs: fix a leak on spufs_new_file() failure {CVE-2025-22073}\n- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}\n- can: statistics: use atomic access in hot path\n- locking/semaphore: Use wake_q to wake up processes outside lock critical section\n- sched/deadline: Use online cpus for validating runtime\n- affs: don't write overlarge OFS data block size fields\n- affs: generate OFS sequence numbers starting at 1\n- wifi: iwlwifi: fw: allocate chained SG tables for dump\n- sched/smt: Always inline sched_smt_active()\n- octeontx2-af: Fix mbox INTR handler when num VFs > 64\n- ring-buffer: Fix bytes_dropped calculation issue\n- objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() {CVE-2025-37937}\n- fs/procfs: fix the comment above proc_pid_wchan()\n- perf python: Check if there is space to copy all the event\n- perf python: Decrement the refcount of just created event on failure\n- perf python: Fixup description of sample.id event member\n- ocfs2: validate l_tree_depth to avoid out-of-bounds access {CVE-2025-22079}\n- kexec: initialize ELF lowest address to ULONG_MAX\n- perf units: Fix insufficient array space\n- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio\n- coresight: catu: Fix number of pages while using 64k pages\n- isofs: fix KMSAN uninit-value bug in do_isofs_readdir()\n- x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment\n- mfd: sm501: Switch to BIT() to mitigate integer overflows\n- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow {CVE-2025-22086}\n- power: supply: max77693: Fix wrong conversion of charge input threshold value\n- x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1\n- clk: amlogic: g12a: fix mmc A peripheral clock\n- clk: amlogic: gxbb: drop non existing 32k clock parent\n- clk: amlogic: g12b: fix cluster A parent data\n- IB/mad: Check available slots before posting receive WRs\n- clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent\n- pinctrl: renesas: rza2: Fix missing of_node_put() call\n- lib: 842: Improve error handling in sw842_compress()\n- clk: amlogic: gxbb: drop incorrect flag on 32k clock\n- fbdev: sm501fb: Add some geometry checks.\n- mdacon: rework dependency list\n- fbdev: au1100fb: Move a variable assignment behind a null pointer check\n- PCI: pciehp: Don't enable HPIE when resuming in poll mode\n- PCI: Remove stray put_device() in pci_register_host_bridge()\n- PCI/portdrv: Only disable pciehp interrupts early when needed\n- PCI/ASPM: Fix link state exit during switch upstream function removal {CVE-2024-58093}\n- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member\n- ALSA: hda/realtek: Always honor no_shutup_pins\n- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll\n- lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*()\n- PM: sleep: Fix handling devices with direct_complete set on errors\n- thermal: int340x: Add NULL check for adev {CVE-2025-23136}\n- EDAC/ie31200: Fix the error path order of ie31200_init()\n- EDAC/ie31200: Fix the DIMM size mask for several SoCs\n- EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer\n- selinux: Chain up tool resolving errors in install_policy.sh\n- x86/platform: Only allow CONFIG_EISA for 32-bit\n- x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct()\n- cpufreq: governor: Fix negative 'idle_time' handling in dbs_update()\n- x86/mm/pat: cpa-test: fix length for CPA_ARRAY test\n- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove {CVE-2025-22020}\n- net: usb: qmi_wwan: add Telit Cinterion FE990B composition\n- net: usb: qmi_wwan: add Telit Cinterion FN990B composition\n- tty: serial: 8250: Add some more device IDs\n- counter: stm32-lptimer-cnt: fix error handling when enabling\n- netfilter: socket: Lookup orig tuple for IPv6 SNAT {CVE-2025-22021}\n- ARM: Remove address checking for MMUless devices\n- ARM: 9351/1: fault: Add \"cut here\" line for prefetch aborts\n- ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed()\n- atm: Fix NULL pointer dereference {CVE-2025-22018}\n- HID: hid-plantronics: Add mic mute mapping and generalize quirks\n- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names\n- drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() {CVE-2025-21996}\n- batman-adv: Ignore own maximum aggregation size during RX\n- ARM: shmobile: smp: Enforce shmobile_smp_* alignment\n- mmc: atmel-mci: Add missing clk_disable_unprepare()\n- drm/v3d: Don't run jobs that have errors flagged in its fence\n- i2c: omap: fix IRQ storms\n- net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES\n- net: atm: fix use after free in lec_send() {CVE-2025-22004}\n- ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create().\n- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). {CVE-2025-22005}\n- Bluetooth: Fix error code in chan_alloc_skb_cb() {CVE-2025-22007}\n- RDMA/hns: Fix wrong value of max_sge_rd\n- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path\n- xfrm_output: Force software GSO only in tunnel mode\n- firmware: imx-scu: fix OF node leak in .probe()\n- i2c: sis630: Fix an error handling path in sis630_probe()\n- i2c: ali15x3: Fix an error handling path in ali15x3_probe()\n- i2c: ali1535: Fix an error handling path in ali1535_probe()\n- ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe()\n- drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data()\n- qlcnic: fix memory leak issues in qlcnic_sriov_common.c\n- drm/amd/display: Assign normalized_pix_clk when color depth = 14 {CVE-2025-21956}\n- drm/atomic: Filter out redundant DPMS calls\n- x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes {CVE-2025-21991}\n- USB: serial: option: match on interface class for Telit FN990B\n- USB: serial: option: fix Telit Cinterion FE990A name\n- USB: serial: option: add Telit Cinterion FE990B compositions\n- USB: serial: ftdi_sio: add support for Altera USB Blaster 3\n- block: fix 'kmem_cache of name 'bio-108' already exists'\n- drm/nouveau: Do not override forced connector status\n- x86/irq: Define trace events conditionally\n- fuse: don't truncate cached, mutated symlink\n- nvme: only allow entering LIVE from CONNECTING state\n- sctp: Fix undefined behavior in left shift operation\n- nvmet-rdma: recheck queue state is LIVE in state lock in recv done\n- ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime()\n- s390/cio: Fix CHPID \"configure\" attribute caching\n- HID: ignore non-functional sensor in HP 5MP Camera {CVE-2025-21992}\n- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell\n- ACPI: resource: IRQ override for Eluktronics MECH-17\n- scsi: qla1280: Fix kernel oops when debug level > 2 {CVE-2025-21957}\n- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() {CVE-2025-21993}\n- powercap: call put_device() on an error path in powercap_register_control_type()\n- hrtimers: Mark is_migration_base() with __always_inline\n- nvme-fc: go straight to connecting state when initializing\n- net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices\n- netfilter: nft_exthdr: fix offset with ipv4_find_option()\n- net_sched: Prevent creation of classes with TC_H_ROOT {CVE-2025-21971}\n- ipvs: prevent integer overflow in do_ip_vs_get_ctl()\n- netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() {CVE-2025-21959}\n- Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio()\n- drivers/hv: Replace binary semaphore with mutex\n- netpoll: hold rcu read lock in __netpoll_send_skb()\n- netpoll: netpoll_send_skb() returns transmit status\n- netpoll: move netpoll_send_skb() out of line\n- netpoll: remove dev argument from netpoll_send_skb_on_dev()\n- netpoll: Fix use correct return type for ndo_start_xmit()\n- pinctrl: bcm281xx: Fix incorrect regmap max_registers value\n- sched/isolation: Prevent boot crash when the boot CPU is nohz_full\n- clockevents/drivers/i8253: Fix stop sequence for timer 0\n- RDS: avoid using offlined CPU during reconnect\n- x86/microcode/AMD: Clean the cache if update did not load microcode\n- x86/microcode/AMD: Add finalize_late_load() microcode_op\n- x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches\n- x86/microcode/AMD: Add some forgotten models to the SHA check\n- x86/microcode/AMD: Load only SHA256-checksummed patches {CVE-2025-22047}\n- x86/microcode/AMD: Flush patch buffer mapping after application\n- x86/microcode/AMD: Stash BSP's CPUID(1).EAX and patch size\n- nvme: fix deadlock between reset and scan", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/oraclelinux7els/advisories/2025/clsa-2025_1757963029.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1757963029", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1757963029" } ], "tracking": { "current_release_date": "2025-09-15T19:22:34Z", "generator": { "date": "2025-09-15T19:22:34Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1757963029", "initial_release_date": "2025-09-15T19:22:34Z", "revision_history": [ { "date": "2025-09-15T19:22:34Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "kernel-uek: Fix of 194 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Linux 7", "product": { "name": "Oracle Linux 7", "product_id": "Oracle-Linux-7", "product_identification_helper": { "cpe": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Oracle Linux" } ], "category": "vendor", "name": "Oracle Corporation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/bpftool@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-tools@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-container@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-devel@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python-perf@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/perf@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-headers@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-debug-devel@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-container-debug@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-debug@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-50154", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().\n\nMartin KaFai Lau reported use-after-free [0] in reqsk_timer_handler().\n\n \"\"\"\n We are seeing a use-after-free from a bpf prog attached to\n trace_tcp_retransmit_synack. The program passes the req->sk to the\n bpf_sk_storage_get_tracing kernel helper which does check for null\n before using it.\n \"\"\"\n\nThe commit 83fccfc3940c (\"inet: fix potential deadlock in\nreqsk_queue_unlink()\") added timer_pending() in reqsk_queue_unlink() not\nto call del_timer_sync() from reqsk_timer_handler(), but it introduced a\nsmall race window.\n\nBefore the timer is called, expire_timers() calls detach_timer(timer, true)\nto clear timer->entry.pprev and marks it as not pending.\n\nIf reqsk_queue_unlink() checks timer_pending() just after expire_timers()\ncalls detach_timer(), TCP will miss del_timer_sync(); the reqsk timer will\ncontinue running and send multiple SYN+ACKs until it expires.\n\nThe reported UAF could happen if req->sk is close()d earlier than the timer\nexpiration, which is 63s by default.\n\nThe scenario would be\n\n 1. inet_csk_complete_hashdance() calls inet_csk_reqsk_queue_drop(),\n but del_timer_sync() is missed\n\n 2. reqsk timer is executed and scheduled again\n\n 3. req->sk is accept()ed and reqsk_put() decrements rsk_refcnt, but\n reqsk timer still has another one, and inet_csk_accept() does not\n clear req->sk for non-TFO sockets\n\n 4. sk is close()d\n\n 5. reqsk timer is executed again, and BPF touches req->sk\n\nLet's not use timer_pending() by passing the caller context to\n__inet_csk_reqsk_queue_drop().\n\nNote that reqsk timer is pinned, so the issue does not happen in most\nuse cases. [1]\n\n[0]\nBUG: KFENCE: use-after-free read in bpf_sk_storage_get_tracing+0x2e/0x1b0\n\nUse-after-free read at 0x00000000a891fb3a (in kfence-#1):\nbpf_sk_storage_get_tracing+0x2e/0x1b0\nbpf_prog_5ea3e95db6da0438_tcp_retransmit_synack+0x1d20/0x1dda\nbpf_trace_run2+0x4c/0xc0\ntcp_rtx_synack+0xf9/0x100\nreqsk_timer_handler+0xda/0x3d0\nrun_timer_softirq+0x292/0x8a0\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\nintel_idle_irq+0x5a/0xa0\ncpuidle_enter_state+0x94/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nkfence-#1: 0x00000000a72cc7b6-0x00000000d97616d9, size=2376, cache=TCPv6\n\nallocated by task 0 on cpu 9 at 260507.901592s:\nsk_prot_alloc+0x35/0x140\nsk_clone_lock+0x1f/0x3f0\ninet_csk_clone_lock+0x15/0x160\ntcp_create_openreq_child+0x1f/0x410\ntcp_v6_syn_recv_sock+0x1da/0x700\ntcp_check_req+0x1fb/0x510\ntcp_v6_rcv+0x98b/0x1420\nipv6_list_rcv+0x2258/0x26e0\nnapi_complete_done+0x5b1/0x2990\nmlx5e_napi_poll+0x2ae/0x8d0\nnet_rx_action+0x13e/0x590\nirq_exit_rcu+0xf5/0x320\ncommon_interrupt+0x80/0x90\nasm_common_interrupt+0x22/0x40\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb\n\nfreed by task 0 on cpu 9 at 260507.927527s:\nrcu_core_si+0x4ff/0xf10\nirq_exit_rcu+0xf5/0x320\nsysvec_apic_timer_interrupt+0x6d/0x80\nasm_sysvec_apic_timer_interrupt+0x16/0x20\ncpuidle_enter_state+0xfb/0x273\ncpu_startup_entry+0x15e/0x260\nstart_secondary+0x8a/0x90\nsecondary_startup_64_no_verify+0xfa/0xfb", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50154" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/106e457953315e476b3642ef24be25ed862aaba3", "url": "https://git.kernel.org/stable/c/106e457953315e476b3642ef24be25ed862aaba3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5071beb59ee416e8ab456ac8647a4dabcda823b1", "url": "https://git.kernel.org/stable/c/5071beb59ee416e8ab456ac8647a4dabcda823b1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/51e34db64f4e43c7b055ccf881b7f3e0c31bb26d", "url": "https://git.kernel.org/stable/c/51e34db64f4e43c7b055ccf881b7f3e0c31bb26d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8459d61fbf24967839a70235165673148c7c7f17", "url": "https://git.kernel.org/stable/c/8459d61fbf24967839a70235165673148c7c7f17" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/997ae8da14f1639ce6fb66a063dab54031cd61b3", "url": "https://git.kernel.org/stable/c/997ae8da14f1639ce6fb66a063dab54031cd61b3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c964bf65f80a14288d767023a1b300b30f5b9cd0", "url": "https://git.kernel.org/stable/c/c964bf65f80a14288d767023a1b300b30f5b9cd0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e8c526f2bdf1845bedaf6a478816a3d06fa78b8f", "url": "https://git.kernel.org/stable/c/e8c526f2bdf1845bedaf6a478816a3d06fa78b8f" } ], "release_date": "2024-11-07T10:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-26744", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nRDMA/srpt: Support specifying the srpt_service_guid parameter\nMake loading ib_srpt with this parameter set work. The current behavior is\nthat setting that parameter while loading the ib_srpt kernel module\ntriggers the following kernel crash:\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCall Trace:\n\nparse_one+0x18c/0x1d0\nparse_args+0xe1/0x230\nload_module+0x8de/0xa60\ninit_module_from_file+0x8b/0xd0\nidempotent_init_module+0x181/0x240\n__x64_sys_finit_module+0x5a/0xb0\ndo_syscall_64+0x5f/0xe0\nentry_SYSCALL_64_after_hwframe+0x6e/0x76", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-26744" } ], "release_date": "2024-04-03T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-21681", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition ('Infinite Loop')" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix lockup on tx to unregistering netdev with carrier\n\nCommit in a fixes tag attempted to fix the issue in the following\nsequence of calls:\n\n do_output\n -> ovs_vport_send\n -> dev_queue_xmit\n -> __dev_queue_xmit\n -> netdev_core_pick_tx\n -> skb_tx_hash\n\nWhen device is unregistering, the 'dev->real_num_tx_queues' goes to\nzero and the 'while (unlikely(hash >= qcount))' loop inside the\n'skb_tx_hash' becomes infinite, locking up the core forever.\n\nBut unfortunately, checking just the carrier status is not enough to\nfix the issue, because some devices may still be in unregistering\nstate while reporting carrier status OK.\n\nOne example of such device is a net/dummy. It sets carrier ON\non start, but it doesn't implement .ndo_stop to set the carrier off.\nAnd it makes sense, because dummy doesn't really have a carrier.\nTherefore, while this device is unregistering, it's still easy to hit\nthe infinite loop in the skb_tx_hash() from the OVS datapath. There\nmight be other drivers that do the same, but dummy by itself is\nimportant for the OVS ecosystem, because it is frequently used as a\npacket sink for tcpdump while debugging OVS deployments. And when the\nissue is hit, the only way to recover is to reboot.\n\nFix that by also checking if the device is running. The running\nstate is handled by the net core during unregistering, so it covers\nunregistering case better, and we don't really need to send packets\nto devices that are not running anyway.\n\nWhile only checking the running state might be enough, the carrier\ncheck is preserved. The running and the carrier states seem disjoined\nthroughout the code and different drivers. And other core functions\nlike __dev_direct_xmit() check both before attempting to transmit\na packet. So, it seems safer to check both flags in OVS as well.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21681" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/47e55e4b410f7d552e43011baa5be1aab4093990", "url": "https://git.kernel.org/stable/c/47e55e4b410f7d552e43011baa5be1aab4093990" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/82f433e8dd0629e16681edf6039d094b5518d8ed", "url": "https://git.kernel.org/stable/c/82f433e8dd0629e16681edf6039d094b5518d8ed" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/87fcf0d137c770e6040ebfdb0abd8e7dd481b504", "url": "https://git.kernel.org/stable/c/87fcf0d137c770e6040ebfdb0abd8e7dd481b504" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/930268823f6bccb697aa5d2047aeffd4a497308c", "url": "https://git.kernel.org/stable/c/930268823f6bccb697aa5d2047aeffd4a497308c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b5c73fc92f8d15c16e5dc87b5c17d2abf1e6d092", "url": "https://git.kernel.org/stable/c/b5c73fc92f8d15c16e5dc87b5c17d2abf1e6d092" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ea966b6698785fb9cd0fdb867acd91b222e4723f", "url": "https://git.kernel.org/stable/c/ea966b6698785fb9cd0fdb867acd91b222e4723f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ea9e990356b7bee95440ba0e6e83cc4d701afaca", "url": "https://git.kernel.org/stable/c/ea9e990356b7bee95440ba0e6e83cc4d701afaca" } ], "release_date": "2025-01-31T12:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-56655", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: do not defer rule destruction via call_rcu\n\nnf_tables_chain_destroy can sleep, it can't be used from call_rcu\ncallbacks.\n\nMoreover, nf_tables_rule_release() is only safe for error unwinding,\nwhile transaction mutex is held and the to-be-desroyed rule was not\nexposed to either dataplane or dumps, as it deactives+frees without\nthe required synchronize_rcu() in-between.\n\nnft_rule_expr_deactivate() callbacks will change ->use counters\nof other chains/sets, see e.g. nft_lookup .deactivate callback, these\nmust be serialized via transaction mutex.\n\nAlso add a few lockdep asserts to make this more explicit.\n\nCalling synchronize_rcu() isn't ideal, but fixing this without is hard\nand way more intrusive. As-is, we can get:\n\nWARNING: .. net/netfilter/nf_tables_api.c:5515 nft_set_destroy+0x..\nWorkqueue: events nf_tables_trans_destroy_work\nRIP: 0010:nft_set_destroy+0x3fe/0x5c0\nCall Trace:\n \n nf_tables_trans_destroy_work+0x6b7/0xad0\n process_one_work+0x64a/0xce0\n worker_thread+0x613/0x10d0\n\nIn case the synchronize_rcu becomes an issue, we can explore alternatives.\n\nOne way would be to allocate nft_trans_rule objects + one nft_trans_chain\nobject, deactivate the rules + the chain and then defer the freeing to the\nnft destroy workqueue. We'd still need to keep the synchronize_rcu path as\na fallback to handle -ENOMEM corner cases though.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-56655" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/27f0574253f6c24c8ee4e3f0a685b75ed3a256ed", "url": "https://git.kernel.org/stable/c/27f0574253f6c24c8ee4e3f0a685b75ed3a256ed" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2991dc357a28b61c13ed1f7b59e9251e2b4562fb", "url": "https://git.kernel.org/stable/c/2991dc357a28b61c13ed1f7b59e9251e2b4562fb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5146c27b2780aac59876a887a5f4e793b8949862", "url": "https://git.kernel.org/stable/c/5146c27b2780aac59876a887a5f4e793b8949862" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7cf0bd232b565d9852cb25fd094f77254773e048", "url": "https://git.kernel.org/stable/c/7cf0bd232b565d9852cb25fd094f77254773e048" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b04df3da1b5c6f6dc7cdccc37941740c078c4043", "url": "https://git.kernel.org/stable/c/b04df3da1b5c6f6dc7cdccc37941740c078c4043" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b0f013bebf94fe7ae75e5a53be2f2bd1cc1841e3", "url": "https://git.kernel.org/stable/c/b0f013bebf94fe7ae75e5a53be2f2bd1cc1841e3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b8d8f53e1858178882b881b8c09f94ef0e83bf76", "url": "https://git.kernel.org/stable/c/b8d8f53e1858178882b881b8c09f94ef0e83bf76" } ], "release_date": "2024-12-27T15:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-22045", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nx86/mm: Fix flush_tlb_range() when used for zapping normal PMDs\nOn the following path, flush_tlb_range() can be used for zapping normal\nPMD entries (PMD entries that point to page tables) together with the PTE\nentries in the pointed-to page table:\ncollapse_pte_mapped_thp\npmdp_collapse_flush\nflush_tlb_range\nThe arm64 version of flush_tlb_range() has a comment describing that it can\nbe used for page table removal, and does not use any last-level\ninvalidation optimizations. Fix the X86 version by making it behave the\nsame way.\nCurrently, X86 only uses this information for the following two purposes,\nwhich I think means the issue doesn't have much impact:\n- In native_flush_tlb_multi() for checking if lazy TLB CPUs need to be\nIPI'd to avoid issues with speculative page table walks.\n- In Hyper-V TLB paravirtualization, again for lazy TLB stuff.\nThe patch \"x86/mm: only invalidate final translations with INVLPGB\" which\nis currently under review (see\n)\nwould probably be making the impact of this a lot worse.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22045" } ], "release_date": "2025-04-16T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-23157", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nmedia: venus: hfi_parser: add check to avoid out of bound access\nThere is a possibility that init_codecs is invoked multiple times during\nmanipulated payload from video firmware. In such case, if codecs_count\ncan get incremented to value more than MAX_CODEC_NUM, there can be OOB\naccess. Reset the count so that it always starts from beginning.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-23157" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-23140", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nmisc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error\nAfter devm_request_irq() fails with error in pci_endpoint_test_request_irq(),\nthe pci_endpoint_test_free_irq_vectors() is called assuming that all IRQs\nhave been released.\nHowever, some requested IRQs remain unreleased, so there are still\n/proc/irq/* entries remaining, and this results in WARN() with the\nfollowing message:\nremove_proc_entry: removing non-empty directory 'irq/30', leaking at least 'pci-endpoint-test.0'\nWARNING: CPU: 0 PID: 202 at fs/proc/generic.c:719 remove_proc_entry +0x190/0x19c\nTo solve this issue, set the number of remaining IRQs to test->num_irqs,\nand release IRQs in advance by calling pci_endpoint_test_release_irq().\n[kwilczynski: commit log]", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-23140" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-23139", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "[REJECTED CVE] In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: hci_uart: Fix another race during initialization", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-23139" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37738", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\next4: ignore xattrs past end\nOnce inside 'ext4_xattr_inode_dec_ref_all' we should\nignore xattrs entries past the 'end' entry.\nThis fixes the following KASAN reported issue:\n==================================================================\nBUG: KASAN: slab-use-after-free in ext4_xattr_inode_dec_ref_all+0xb8c/0xe90\nRead of size 4 at addr ffff888012c120c4 by task repro/2065\nCPU: 1 UID: 0 PID: 2065 Comm: repro Not tainted 6.13.0-rc2+ #11\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nCall Trace:\n\ndump_stack_lvl+0x1fd/0x300\n? tcp_gro_dev_warn+0x260/0x260\n? _printk+0xc0/0x100\n? read_lock_is_recursive+0x10/0x10\n? irq_work_queue+0x72/0xf0\n? __virt_addr_valid+0x17b/0x4b0\nprint_address_description+0x78/0x390\nprint_report+0x107/0x1f0\n? __virt_addr_valid+0x17b/0x4b0\n? __virt_addr_valid+0x3ff/0x4b0\n? __phys_addr+0xb5/0x160\n? ext4_xattr_inode_dec_ref_all+0xb8c/0xe90\nkasan_report+0xcc/0x100\n? ext4_xattr_inode_dec_ref_all+0xb8c/0xe90\next4_xattr_inode_dec_ref_all+0xb8c/0xe90\n? ext4_xattr_delete_inode+0xd30/0xd30\n? __ext4_journal_ensure_credits+0x5f0/0x5f0\n? __ext4_journal_ensure_credits+0x2b/0x5f0\n? inode_update_timestamps+0x410/0x410\next4_xattr_delete_inode+0xb64/0xd30\n? ext4_truncate+0xb70/0xdc0\n? ext4_expand_extra_isize_ea+0x1d20/0x1d20\n? __ext4_mark_inode_dirty+0x670/0x670\n? ext4_journal_check_start+0x16f/0x240\n? ext4_inode_is_fast_symlink+0x2f2/0x3a0\next4_evict_inode+0xc8c/0xff0\n? ext4_inode_is_fast_symlink+0x3a0/0x3a0\n? do_raw_spin_unlock+0x53/0x8a0\n? ext4_inode_is_fast_symlink+0x3a0/0x3a0\nevict+0x4ac/0x950\n? proc_nr_inodes+0x310/0x310\n? trace_ext4_drop_inode+0xa2/0x220\n? _raw_spin_unlock+0x1a/0x30\n? iput+0x4cb/0x7e0\ndo_unlinkat+0x495/0x7c0\n? try_break_deleg+0x120/0x120\n? 0xffffffff81000000\n? __check_object_size+0x15a/0x210\n? strncpy_from_user+0x13e/0x250\n? getname_flags+0x1dc/0x530\n__x64_sys_unlinkat+0xc8/0xf0\ndo_syscall_64+0x65/0x110\nentry_SYSCALL_64_after_hwframe+0x67/0x6f\nRIP: 0033:0x434ffd\nCode: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 8\nRSP: 002b:00007ffc50fa7b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000107\nRAX: ffffffffffffffda RBX: 00007ffc50fa7e18 RCX: 0000000000434ffd\nRDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000005\nRBP: 00007ffc50fa7be0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001\nR13: 00007ffc50fa7e08 R14: 00000000004bbf30 R15: 0000000000000001\n\nThe buggy address belongs to the object at ffff888012c12000\nwhich belongs to the cache filp of size 360\nThe buggy address is located 196 bytes inside of\nfreed 360-byte region [ffff888012c12000, ffff888012c12168)\nThe buggy address belongs to the physical page:\npage: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x12c12\nhead: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\nflags: 0x40(head|node=0|zone=0)\npage_type: f5(slab)\nraw: 0000000000000040 ffff888000ad7640 ffffea0000497a00 dead000000000004\nraw: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000\nhead: 0000000000000040 ffff888000ad7640 ffffea0000497a00 dead000000000004\nhead: 0000000000000000 0000000000100010 00000001f5000000 0000000000000000\nhead: 0000000000000001 ffffea00004b0481 ffffffffffffffff 0000000000000000\nhead: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\nMemory state around the buggy address:\nffff888012c11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\nffff888012c12000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n> ffff888012c12080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n^\nffff888012c12100: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc\nffff888012c12180: fc fc fc fc fc fc fc fc fc\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37738" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-23163", "cwe": { "id": "CWE-833", "name": "Deadlock" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: vlan: don't propagate flags on open\nWith the device instance lock, there is now a possibility of a deadlock:\n[ 1.211455] ============================================\n[ 1.211571] WARNING: possible recursive locking detected\n[ 1.211687] 6.14.0-rc5-01215-g032756b4ca7a-dirty #5 Not tainted\n[ 1.211823] --------------------------------------------\n[ 1.211936] ip/184 is trying to acquire lock:\n[ 1.212032] ffff8881024a4c30 (&dev->lock){+.+.}-{4:4}, at: dev_set_allmulti+0x4e/0xb0\n[ 1.212207]\n[ 1.212207] but task is already holding lock:\n[ 1.212332] ffff8881024a4c30 (&dev->lock){+.+.}-{4:4}, at: dev_open+0x50/0xb0\n[ 1.212487]\n[ 1.212487] other info that might help us debug this:\n[ 1.212626] Possible unsafe locking scenario:\n[ 1.212626]\n[ 1.212751] CPU0\n[ 1.212815] ----\n[ 1.212871] lock(&dev->lock);\n[ 1.212944] lock(&dev->lock);\n[ 1.213016]\n[ 1.213016] *** DEADLOCK ***\n[ 1.213016]\n[ 1.213143] May be due to missing lock nesting notation\n[ 1.213143]\n[ 1.213294] 3 locks held by ip/184:\n[ 1.213371] #0: ffffffff838b53e0 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock+0x1b/0xa0\n[ 1.213543] #1: ffffffff84e5fc70 (&net->rtnl_mutex){+.+.}-{4:4}, at: rtnl_nets_lock+0x37/0xa0\n[ 1.213727] #2: ffff8881024a4c30 (&dev->lock){+.+.}-{4:4}, at: dev_open+0x50/0xb0\n[ 1.213895]\n[ 1.213895] stack backtrace:\n[ 1.213991] CPU: 0 UID: 0 PID: 184 Comm: ip Not tainted 6.14.0-rc5-01215-g032756b4ca7a-dirty #5\n[ 1.213993] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014\n[ 1.213994] Call Trace:\n[ 1.213995] \n[ 1.213996] dump_stack_lvl+0x8e/0xd0\n[ 1.214000] print_deadlock_bug+0x28b/0x2a0\n[ 1.214020] lock_acquire+0xea/0x2a0\n[ 1.214027] __mutex_lock+0xbf/0xd40\n[ 1.214038] dev_set_allmulti+0x4e/0xb0 # real_dev->flags & IFF_ALLMULTI\n[ 1.214040] vlan_dev_open+0xa5/0x170 # ndo_open on vlandev\n[ 1.214042] __dev_open+0x145/0x270\n[ 1.214046] __dev_change_flags+0xb0/0x1e0\n[ 1.214051] netif_change_flags+0x22/0x60 # IFF_UP vlandev\n[ 1.214053] dev_change_flags+0x61/0xb0 # for each device in group from dev->vlan_info\n[ 1.214055] vlan_device_event+0x766/0x7c0 # on netdevsim0\n[ 1.214058] notifier_call_chain+0x78/0x120\n[ 1.214062] netif_open+0x6d/0x90\n[ 1.214064] dev_open+0x5b/0xb0 # locks netdevsim0\n[ 1.214066] bond_enslave+0x64c/0x1230\n[ 1.214075] do_set_master+0x175/0x1e0 # on netdevsim0\n[ 1.214077] do_setlink+0x516/0x13b0\n[ 1.214094] rtnl_newlink+0xaba/0xb80\n[ 1.214132] rtnetlink_rcv_msg+0x440/0x490\n[ 1.214144] netlink_rcv_skb+0xeb/0x120\n[ 1.214150] netlink_unicast+0x1f9/0x320\n[ 1.214153] netlink_sendmsg+0x346/0x3f0\n[ 1.214157] __sock_sendmsg+0x86/0xb0\n[ 1.214160] ____sys_sendmsg+0x1c8/0x220\n[ 1.214164] ___sys_sendmsg+0x28f/0x2d0\n[ 1.214179] __x64_sys_sendmsg+0xef/0x140\n[ 1.214184] do_syscall_64+0xec/0x1d0\n[ 1.214190] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 1.214191] RIP: 0033:0x7f2d1b4a7e56\nDevice setup:\nnetdevsim0 (down)\n^ ^\nbond netdevsim1.100@netdevsim1 allmulticast=on (down)\nWhen we enslave the lower device (netdevsim0) which has a vlan, we\npropagate vlan's allmuti/promisc flags during ndo_open. This causes\n(re)locking on of the real_dev.\nPropagate allmulti/promisc on flags change, not on the open. There\nis a slight semantics change that vlans that are down now propagate\nthe flags, but this seems unlikely to result in the real issues.\nReproducer:\necho 0 1 > /sys/bus/netdevsim/new_device\ndev_path=$(ls -d /sys/bus/netdevsim/devices/netdevsim0/net/*)\ndev=$(echo $dev_path | rev | cut -d/ -f1 | rev)\nip link set dev $dev name netdevsim0\nip link set dev netdevsim0 up\nip link add link netdevsim0 name netdevsim0.100 type vlan id 100\nip link set dev netdevsim0.100 allm\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-23163" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-23159", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nmedia: venus: hfi: add a check to handle OOB in sfr region\nsfr->buf_size is in shared memory and can be modified by malicious user.\nOOB write is possible when the size is made higher than actual sfr data\nbuffer. Cap the size to allocated size for such cases.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-23159" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-23158", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nmedia: venus: hfi: add check to handle incorrect queue size\nqsize represents size of shared queued between driver and video\nfirmware. Firmware can modify this value to an invalid large value. In\nsuch situation, empty_space will be bigger than the space actually\navailable. Since new_wr_idx is not checked, so the following code will\nresult in an OOB write.\n...\nqsize = qhdr->q_size\nif (wr_idx >= rd_idx)\nempty_space = qsize - (wr_idx - rd_idx)\n....\nif (new_wr_idx < qsize) {\nmemcpy(wr_ptr, packet, dwords << 2) --> OOB write\nAdd check to ensure qsize is within the allocated size while\nreading and writing packets into the queue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-23158" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37794", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nwifi: mac80211: Purge vif txq in ieee80211_do_stop()\nAfter ieee80211_do_stop() SKB from vif's txq could still be processed.\nIndeed another concurrent vif schedule_and_wake_txq call could cause\nthose packets to be dequeued (see ieee80211_handle_wake_tx_queue())\nwithout checking the sdata current state.\nBecause vif.drv_priv is now cleared in this function, this could lead to\ndriver crash.\nFor example in ath12k, ahvif is store in vif.drv_priv. Thus if\nath12k_mac_op_tx() is called after ieee80211_do_stop(), ahvif->ah can be\nNULL, leading the ath12k_warn(ahvif->ah,...) call in this function to\ntrigger the NULL deref below.\nUnable to handle kernel paging request at virtual address dfffffc000000001\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nbatman_adv: bat0: Interface deactivated: brbh1337\nMem abort info:\nESR = 0x0000000096000004\nEC = 0x25: DABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nFSC = 0x04: level 0 translation fault\nData abort info:\nISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\nCM = 0, WnR = 0, TnD = 0, TagAccess = 0\nGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[dfffffc000000001] address between user and kernel address ranges\nInternal error: Oops: 0000000096000004 [#1] SMP\nCPU: 1 UID: 0 PID: 978 Comm: lbd Not tainted 6.13.0-g633f875b8f1e #114\nHardware name: HW (DT)\npstate: 10000005 (nzcV daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : ath12k_mac_op_tx+0x6cc/0x29b8 [ath12k]\nlr : ath12k_mac_op_tx+0x174/0x29b8 [ath12k]\nsp : ffffffc086ace450\nx29: ffffffc086ace450 x28: 0000000000000000 x27: 1ffffff810d59ca4\nx26: ffffff801d05f7c0 x25: 0000000000000000 x24: 000000004000001e\nx23: ffffff8009ce4926 x22: ffffff801f9c0800 x21: ffffff801d05f7f0\nx20: ffffff8034a19f40 x19: 0000000000000000 x18: ffffff801f9c0958\nx17: ffffff800bc0a504 x16: dfffffc000000000 x15: ffffffc086ace4f8\nx14: ffffff801d05f83c x13: 0000000000000000 x12: ffffffb003a0bf03\nx11: 0000000000000000 x10: ffffffb003a0bf02 x9 : ffffff8034a19f40\nx8 : ffffff801d05f818 x7 : 1ffffff0069433dc x6 : ffffff8034a19ee0\nx5 : ffffff801d05f7f0 x4 : 0000000000000000 x3 : 0000000000000001\nx2 : 0000000000000000 x1 : dfffffc000000000 x0 : 0000000000000008\nCall trace:\nath12k_mac_op_tx+0x6cc/0x29b8 [ath12k] (P)\nieee80211_handle_wake_tx_queue+0x16c/0x260\nieee80211_queue_skb+0xeec/0x1d20\nieee80211_tx+0x200/0x2c8\nieee80211_xmit+0x22c/0x338\n__ieee80211_subif_start_xmit+0x7e8/0xc60\nieee80211_subif_start_xmit+0xc4/0xee0\n__ieee80211_subif_start_xmit_8023.isra.0+0x854/0x17a0\nieee80211_subif_start_xmit_8023+0x124/0x488\ndev_hard_start_xmit+0x160/0x5a8\n__dev_queue_xmit+0x6f8/0x3120\nbr_dev_queue_push_xmit+0x120/0x4a8\n__br_forward+0xe4/0x2b0\ndeliver_clone+0x5c/0xd0\nbr_flood+0x398/0x580\nbr_dev_xmit+0x454/0x9f8\ndev_hard_start_xmit+0x160/0x5a8\n__dev_queue_xmit+0x6f8/0x3120\nip6_finish_output2+0xc28/0x1b60\n__ip6_finish_output+0x38c/0x638\nip6_output+0x1b4/0x338\nip6_local_out+0x7c/0xa8\nip6_send_skb+0x7c/0x1b0\nip6_push_pending_frames+0x94/0xd0\nrawv6_sendmsg+0x1a98/0x2898\ninet_sendmsg+0x94/0xe0\n__sys_sendto+0x1e4/0x308\n__arm64_sys_sendto+0xc4/0x140\ndo_el0_svc+0x110/0x280\nel0_svc+0x20/0x60\nel0t_64_sync_handler+0x104/0x138\nel0t_64_sync+0x154/0x158\nTo avoid that, empty vif's txq at ieee80211_do_stop() so no packet could\nbe dequeued after ieee80211_do_stop() (new packets cannot be queued\nbecause SDATA_STATE_RUNNING is cleared at this point).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37794" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37781", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ni2c: cros-ec-tunnel: defer probe if parent EC is not present\nWhen i2c-cros-ec-tunnel and the EC driver are built-in, the EC parent\ndevice will not be found, leading to NULL pointer dereference.\nThat can also be reproduced by unbinding the controller driver and then\nloading i2c-cros-ec-tunnel module (or binding the device).\n[ 271.991245] BUG: kernel NULL pointer dereference, address: 0000000000000058\n[ 271.998215] #PF: supervisor read access in kernel mode\n[ 272.003351] #PF: error_code(0x0000) - not-present page\n[ 272.008485] PGD 0 P4D 0\n[ 272.011022] Oops: Oops: 0000 [#1] SMP NOPTI\n[ 272.015207] CPU: 0 UID: 0 PID: 3859 Comm: insmod Tainted: G S 6.15.0-rc1-00004-g44722359ed83 #30 PREEMPT(full) 3c7fb39a552e7d949de2ad921a7d6588d3a4fdc5\n[ 272.030312] Tainted: [S]=CPU_OUT_OF_SPEC\n[ 272.034233] Hardware name: HP Berknip/Berknip, BIOS Google_Berknip.13434.356.0 05/17/2021\n[ 272.042400] RIP: 0010:ec_i2c_probe+0x2b/0x1c0 [i2c_cros_ec_tunnel]\n[ 272.048577] Code: 1f 44 00 00 41 57 41 56 41 55 41 54 53 48 83 ec 10 65 48 8b 05 06 a0 6c e7 48 89 44 24 08 4c 8d 7f 10 48 8b 47 50 4c 8b 60 78 <49> 83 7c 24 58 00 0f 84 2f 01 00 00 48 89 fb be 30 06 00 00 4c 9\n[ 272.067317] RSP: 0018:ffffa32082a03940 EFLAGS: 00010282\n[ 272.072541] RAX: ffff969580b6a810 RBX: ffff969580b68c10 RCX: 0000000000000000\n[ 272.079672] RDX: 0000000000000000 RSI: 0000000000000282 RDI: ffff969580b68c00\n[ 272.086804] RBP: 00000000fffffdfb R08: 0000000000000000 R09: 0000000000000000\n[ 272.093936] R10: 0000000000000000 R11: ffffffffc0600000 R12: 0000000000000000\n[ 272.101067] R13: ffffffffa666fbb8 R14: ffffffffc05b5528 R15: ffff969580b68c10\n[ 272.108198] FS: 00007b930906fc40(0000) GS:ffff969603149000(0000) knlGS:0000000000000000\n[ 272.116282] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 272.122024] CR2: 0000000000000058 CR3: 000000012631c000 CR4: 00000000003506f0\n[ 272.129155] Call Trace:\n[ 272.131606] \n[ 272.133709] ? acpi_dev_pm_attach+0xdd/0x110\n[ 272.137985] platform_probe+0x69/0xa0\n[ 272.141652] really_probe+0x152/0x310\n[ 272.145318] __driver_probe_device+0x77/0x110\n[ 272.149678] driver_probe_device+0x1e/0x190\n[ 272.153864] __driver_attach+0x10b/0x1e0\n[ 272.157790] ? driver_attach+0x20/0x20\n[ 272.161542] bus_for_each_dev+0x107/0x150\n[ 272.165553] bus_add_driver+0x15d/0x270\n[ 272.169392] driver_register+0x65/0x110\n[ 272.173232] ? cleanup_module+0xa80/0xa80 [i2c_cros_ec_tunnel 3a00532f3f4af4a9eade753f86b0f8dd4e4e5698]\n[ 272.182617] do_one_initcall+0x110/0x350\n[ 272.186543] ? security_kernfs_init_security+0x49/0xd0\n[ 272.191682] ? __kernfs_new_node+0x1b9/0x240\n[ 272.195954] ? security_kernfs_init_security+0x49/0xd0\n[ 272.201093] ? __kernfs_new_node+0x1b9/0x240\n[ 272.205365] ? kernfs_link_sibling+0x105/0x130\n[ 272.209810] ? kernfs_next_descendant_post+0x1c/0xa0\n[ 272.214773] ? kernfs_activate+0x57/0x70\n[ 272.218699] ? kernfs_add_one+0x118/0x160\n[ 272.222710] ? __kernfs_create_file+0x71/0xa0\n[ 272.227069] ? sysfs_add_bin_file_mode_ns+0xd6/0x110\n[ 272.232033] ? internal_create_group+0x453/0x4a0\n[ 272.236651] ? __vunmap_range_noflush+0x214/0x2d0\n[ 272.241355] ? __free_frozen_pages+0x1dc/0x420\n[ 272.245799] ? free_vmap_area_noflush+0x10a/0x1c0\n[ 272.250505] ? load_module+0x1509/0x16f0\n[ 272.254431] do_init_module+0x60/0x230\n[ 272.258181] __se_sys_finit_module+0x27a/0x370\n[ 272.262627] do_syscall_64+0x6a/0xf0\n[ 272.266206] ? do_syscall_64+0x76/0xf0\n[ 272.269956] ? irqentry_exit_to_user_mode+0x79/0x90\n[ 272.274836] entry_SYSCALL_64_after_hwframe+0x55/0x5d\n[ 272.279887] RIP: 0033:0x7b9309168d39\n[ 272.283466] Code: 5b 41 5c 5d c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d af 40 0c 00 f7 d8 64 89 01 8\n[ 272.302210] RSP: 002b:00007fff50f1a288 EFLAGS: 00000246 ORIG_RAX: 000\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37781" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37773", "cwe": { "id": "CWE-253", "name": "Incorrect Check of Function Return Value" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nvirtiofs: add filesystem context source name check\nIn certain scenarios, for example, during fuzz testing, the source\nname may be NULL, which could lead to a kernel panic. Therefore, an\nextra check for the source name should be added.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37773" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37766", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ndrm/amd/pm: Prevent division by zero\nThe user can set any speed value.\nIf speed is greater than UINT_MAX/8, division by zero is possible.\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37766" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37765", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ndrm/nouveau: prime: fix ttm_bo_delayed_delete oops\nFix an oops in ttm_bo_delayed_delete which results from dererencing a\ndangling pointer:\nOops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b7b: 0000 [#1] PREEMPT SMP\nCPU: 4 UID: 0 PID: 1082 Comm: kworker/u65:2 Not tainted 6.14.0-rc4-00267-g505460b44513-dirty #216\nHardware name: LENOVO 82N6/LNVNB161216, BIOS GKCN65WW 01/16/2024\nWorkqueue: ttm ttm_bo_delayed_delete [ttm]\nRIP: 0010:dma_resv_iter_first_unlocked+0x55/0x290\nCode: 31 f6 48 c7 c7 00 2b fa aa e8 97 bd 52 ff e8 a2 c1 53 00 5a 85 c0 74 48 e9 88 01 00 00 4c 89 63 20 4d 85 e4 0f 84 30 01 00 00 <41> 8b 44 24 10 c6 43 2c 01 48 89 df 89 43 28 e8 97 fd ff ff 4c 8b\nRSP: 0018:ffffbf9383473d60 EFLAGS: 00010202\nRAX: 0000000000000001 RBX: ffffbf9383473d88 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffbf9383473d78 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: 6b6b6b6b6b6b6b6b\nR13: ffffa003bbf78580 R14: ffffa003a6728040 R15: 00000000000383cc\nFS: 0000000000000000(0000) GS:ffffa00991c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000758348024dd0 CR3: 000000012c259000 CR4: 0000000000f50ef0\nPKRU: 55555554\nCall Trace:\n\n? __die_body.cold+0x19/0x26\n? die_addr+0x3d/0x70\n? exc_general_protection+0x159/0x460\n? asm_exc_general_protection+0x27/0x30\n? dma_resv_iter_first_unlocked+0x55/0x290\ndma_resv_wait_timeout+0x56/0x100\nttm_bo_delayed_delete+0x69/0xb0 [ttm]\nprocess_one_work+0x217/0x5c0\nworker_thread+0x1c8/0x3d0\n? apply_wqattrs_cleanup.part.0+0xc0/0xc0\nkthread+0x10b/0x240\n? kthreads_online_cpu+0x140/0x140\nret_from_fork+0x40/0x70\n? kthreads_online_cpu+0x140/0x140\nret_from_fork_asm+0x11/0x20\n\nThe cause of this is:\n- drm_prime_gem_destroy calls dma_buf_put(dma_buf) which releases the\nreference to the shared dma_buf. The reference count is 0, so the\ndma_buf is destroyed, which in turn decrements the corresponding\namdgpu_bo reference count to 0, and the amdgpu_bo is destroyed -\ncalling drm_gem_object_release then dma_resv_fini (which destroys the\nreservation object), then finally freeing the amdgpu_bo.\n- nouveau_bo obj->bo.base.resv is now a dangling pointer to the memory\nformerly allocated to the amdgpu_bo.\n- nouveau_gem_object_del calls ttm_bo_put(&nvbo->bo) which calls\nttm_bo_release, which schedules ttm_bo_delayed_delete.\n- ttm_bo_delayed_delete runs and dereferences the dangling resv pointer,\nresulting in a general protection fault.\nFix this by moving the drm_prime_gem_destroy call from\nnouveau_gem_object_del to nouveau_bo_del_ttm. This ensures that it will\nbe run after ttm_bo_delayed_delete.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37765" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37823", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too\nSimilarly to the previous patch, we need to safe guard hfsc_dequeue()\ntoo. But for this one, we don't have a reliable reproducer.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37823" } ], "release_date": "2025-05-08T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37902", "notes": [ { "category": "description", "text": "[REJECTED CVE] In the Linux kernel, the following vulnerability has been resolved:\ndm: fix copying after src array boundaries\nThe blammed commit copied to argv the size of the reallocated argv,\ninstead of the size of the old_argv, thus reading and copying from\npast the old_argv allocated memory.\nFollowing BUG_ON was hit:\n[ 3.038929][ T1] kernel BUG at lib/string_helpers.c:1040!\n[ 3.039147][ T1] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n...\n[ 3.056489][ T1] Call trace:\n[ 3.056591][ T1] __fortify_panic+0x10/0x18 (P)\n[ 3.056773][ T1] dm_split_args+0x20c/0x210\n[ 3.056942][ T1] dm_table_add_target+0x13c/0x360\n[ 3.057132][ T1] table_load+0x110/0x3ac\n[ 3.057292][ T1] dm_ctl_ioctl+0x424/0x56c\n[ 3.057457][ T1] __arm64_sys_ioctl+0xa8/0xec\n[ 3.057634][ T1] invoke_syscall+0x58/0x10c\n[ 3.057804][ T1] el0_svc_common+0xa8/0xdc\n[ 3.057970][ T1] do_el0_svc+0x1c/0x28\n[ 3.058123][ T1] el0_svc+0x50/0xac\n[ 3.058266][ T1] el0t_64_sync_handler+0x60/0xc4\n[ 3.058452][ T1] el0t_64_sync+0x1b0/0x1b4\n[ 3.058620][ T1] Code: f800865e a9bf7bfd 910003fd 941f48aa (d4210000)\n[ 3.058897][ T1] ---[ end trace 0000000000000000 ]---\n[ 3.059083][ T1] Kernel panic - not syncing: Oops - BUG: Fatal exception\nFix it by copying the size of src, and not the size of dst, as it was.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37902" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37937", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nobjtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()\nIf dib8000_set_dds()'s call to dib8000_read32() returns zero, the result\nis a divide-by-zero. Prevent that from happening.\nFixes the following warning with an UBSAN kernel:\ndrivers/media/dvb-frontends/dib8000.o: warning: objtool: dib8000_tune() falls through to next function dib8096p_cfg_DibRx()", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37937" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2025-37983", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nqibfs: fix _another_ leak\nfailure to allocate inode => leaked dentry...\nthis one had been there since the initial merge; to be fair,\nif we are that far OOM, the odds of failing at that particular\nallocation are low...", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37983" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37982", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nwifi: wl1251: fix memory leak in wl1251_tx_work\nThe skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails\nwith a -ETIMEDOUT error. Fix that by queueing the skb back to tx_queue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37982" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37949", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nxenbus: Use kref to track req lifetime\nMarek reported seeing a NULL pointer fault in the xenbus_thread\ncallstack:\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nRIP: e030:__wake_up_common+0x4c/0x180\nCall Trace:\n\n__wake_up_common_lock+0x82/0xd0\nprocess_msg+0x18e/0x2f0\nxenbus_thread+0x165/0x1c0\nprocess_msg+0x18e is req->cb(req). req->cb is set to xs_wake_up(), a\nthin wrapper around wake_up(), or xenbus_dev_queue_reply(). It seems\nlike it was xs_wake_up() in this case.\nIt seems like req may have woken up the xs_wait_for_reply(), which\nkfree()ed the req. When xenbus_thread resumes, it faults on the zero-ed\ndata.\nLinux Device Drivers 2nd edition states:\n\"Normally, a wake_up call can cause an immediate reschedule to happen,\nmeaning that other processes might run before wake_up returns.\"\n... which would match the behaviour observed.\nChange to keeping two krefs on each request. One for the caller, and\none for xenbus_thread. Each will kref_put() when finished, and the last\nwill free it.\nThis use of kref matches the description in\nDocumentation/core-api/kref.rst", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37949" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38001", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet_sched: hfsc: Address reentrant enqueue adding class to eltree twice\nSavino says:\n\"We are writing to report that this recent patch\n(141d34391abbb315d68556b7c67ad97885407547) [1]\ncan be bypassed, and a UAF can still occur when HFSC is utilized with\nNETEM.\nThe patch only checks the cl->cl_nactive field to determine whether\nit is the first insertion or not [2], but this field is only\nincremented by init_vf [3].\nBy using HFSC_RSC (which uses init_ed) [4], it is possible to bypass the\ncheck and insert the class twice in the eltree.\nUnder normal conditions, this would lead to an infinite loop in\nhfsc_dequeue for the reasons we already explained in this report [5].\nHowever, if TBF is added as root qdisc and it is configured with a\nvery low rate,\nit can be utilized to prevent packets from being dequeued.\nThis behavior can be exploited to perform subsequent insertions in the\nHFSC eltree and cause a UAF.\"\nTo fix both the UAF and the infinite loop, with netem as an hfsc child,\ncheck explicitly in hfsc_enqueue whether the class is already in the eltree\nwhenever the HFSC_RSC flag is set.\n[1] https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=141d34391abbb315d68556b7c67ad97885407547\n[2] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1572\n[3] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L677\n[4] https://elixir.bootlin.com/linux/v6.15-rc5/source/net/sched/sch_hfsc.c#L1574\n[5] https://lore.kernel.org/netdev/8DuRWwfqjoRDLDmBMlIfbrsZg9Gx50DHJc1ilxsEBNe2D6NMoigR_eIRIG0LOjMc3r10nUUZtArXx4oZBIdUfZQrwjcQhdinnMis_0G7VEk=@willsroot.io/T/#u", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38001" } ], "release_date": "2025-06-06T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38051", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nsmb: client: Fix use-after-free in cifs_fill_dirent\nThere is a race condition in the readdir concurrency process, which may\naccess the rsp buffer after it has been released, triggering the\nfollowing KASAN warning.\n==================================================================\nBUG: KASAN: slab-use-after-free in cifs_fill_dirent+0xb03/0xb60 [cifs]\nRead of size 4 at addr ffff8880099b819c by task a.out/342975\nCPU: 2 UID: 0 PID: 342975 Comm: a.out Not tainted 6.15.0-rc6+ #240 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014\nCall Trace:\n\ndump_stack_lvl+0x53/0x70\nprint_report+0xce/0x640\nkasan_report+0xb8/0xf0\ncifs_fill_dirent+0xb03/0xb60 [cifs]\ncifs_readdir+0x12cb/0x3190 [cifs]\niterate_dir+0x1a1/0x520\n__x64_sys_getdents+0x134/0x220\ndo_syscall_64+0x4b/0x110\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nRIP: 0033:0x7f996f64b9f9\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89\nf7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01\nf0 ff ff 0d f7 c3 0c 00 f7 d8 64 89 8\nRSP: 002b:00007f996f53de78 EFLAGS: 00000207 ORIG_RAX: 000000000000004e\nRAX: ffffffffffffffda RBX: 00007f996f53ecdc RCX: 00007f996f64b9f9\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\nRBP: 00007f996f53dea0 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000207 R12: ffffffffffffff88\nR13: 0000000000000000 R14: 00007ffc8cd9a500 R15: 00007f996f51e000\n\nAllocated by task 408:\nkasan_save_stack+0x20/0x40\nkasan_save_track+0x14/0x30\n__kasan_slab_alloc+0x6e/0x70\nkmem_cache_alloc_noprof+0x117/0x3d0\nmempool_alloc_noprof+0xf2/0x2c0\ncifs_buf_get+0x36/0x80 [cifs]\nallocate_buffers+0x1d2/0x330 [cifs]\ncifs_demultiplex_thread+0x22b/0x2690 [cifs]\nkthread+0x394/0x720\nret_from_fork+0x34/0x70\nret_from_fork_asm+0x1a/0x30\nFreed by task 342979:\nkasan_save_stack+0x20/0x40\nkasan_save_track+0x14/0x30\nkasan_save_free_info+0x3b/0x60\n__kasan_slab_free+0x37/0x50\nkmem_cache_free+0x2b8/0x500\ncifs_buf_release+0x3c/0x70 [cifs]\ncifs_readdir+0x1c97/0x3190 [cifs]\niterate_dir+0x1a1/0x520\n__x64_sys_getdents64+0x134/0x220\ndo_syscall_64+0x4b/0x110\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nThe buggy address belongs to the object at ffff8880099b8000\nwhich belongs to the cache cifs_request of size 16588\nThe buggy address is located 412 bytes inside of\nfreed 16588-byte region [ffff8880099b8000, ffff8880099bc0cc)\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x99b8\nhead: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\nanon flags: 0x80000000000040(head|node=0|zone=1)\npage_type: f5(slab)\nraw: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\nraw: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\nhead: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\nhead: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\nhead: 0080000000000003 ffffea0000266e01 00000000ffffffff 00000000ffffffff\nhead: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008\npage dumped because: kasan: bad access detected\nMemory state around the buggy address:\nffff8880099b8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\nffff8880099b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n>ffff8880099b8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n^\nffff8880099b8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\nffff8880099b8280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n==================================================================\nPOC is available in the link [1].\nThe problem triggering process is as follows:\nProcess 1 Process 2\n-----------------------------------\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38051" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38035", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnvmet-tcp: don't restore null sk_state_change\nqueue->state_change is set as part of nvmet_tcp_set_queue_sock(), but if\nthe TCP connection isn't established when nvmet_tcp_set_queue_sock() is\ncalled then queue->state_change isn't set and sock->sk->sk_state_change\nisn't replaced.\nAs such we don't need to restore sock->sk->sk_state_change if\nqueue->state_change is NULL.\nThis avoids NULL pointer dereferences such as this:\n[ 286.462026][ C0] BUG: kernel NULL pointer dereference, address: 0000000000000000\n[ 286.462814][ C0] #PF: supervisor instruction fetch in kernel mode\n[ 286.463796][ C0] #PF: error_code(0x0010) - not-present page\n[ 286.464392][ C0] PGD 8000000140620067 P4D 8000000140620067 PUD 114201067 PMD 0\n[ 286.465086][ C0] Oops: Oops: 0010 [#1] SMP KASAN PTI\n[ 286.465559][ C0] CPU: 0 UID: 0 PID: 1628 Comm: nvme Not tainted 6.15.0-rc2+ #11 PREEMPT(voluntary)\n[ 286.466393][ C0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[ 286.467147][ C0] RIP: 0010:0x0\n[ 286.467420][ C0] Code: Unable to access opcode bytes at 0xffffffffffffffd6.\n[ 286.467977][ C0] RSP: 0018:ffff8883ae008580 EFLAGS: 00010246\n[ 286.468425][ C0] RAX: 0000000000000000 RBX: ffff88813fd34100 RCX: ffffffffa386cc43\n[ 286.469019][ C0] RDX: 1ffff11027fa68b6 RSI: 0000000000000008 RDI: ffff88813fd34100\n[ 286.469545][ C0] RBP: ffff88813fd34160 R08: 0000000000000000 R09: ffffed1027fa682c\n[ 286.470072][ C0] R10: ffff88813fd34167 R11: 0000000000000000 R12: ffff88813fd344c3\n[ 286.470585][ C0] R13: ffff88813fd34112 R14: ffff88813fd34aec R15: ffff888132cdd268\n[ 286.471070][ C0] FS: 00007fe3c04c7d80(0000) GS:ffff88840743f000(0000) knlGS:0000000000000000\n[ 286.471644][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 286.472543][ C0] CR2: ffffffffffffffd6 CR3: 000000012daca000 CR4: 00000000000006f0\n[ 286.473500][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 286.474467][ C0] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400\n[ 286.475453][ C0] Call Trace:\n[ 286.476102][ C0] \n[ 286.476719][ C0] tcp_fin+0x2bb/0x440\n[ 286.477429][ C0] tcp_data_queue+0x190f/0x4e60\n[ 286.478174][ C0] ? __build_skb_around+0x234/0x330\n[ 286.478940][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.479659][ C0] ? __pfx_tcp_data_queue+0x10/0x10\n[ 286.480431][ C0] ? tcp_try_undo_loss+0x640/0x6c0\n[ 286.481196][ C0] ? seqcount_lockdep_reader_access.constprop.0+0x82/0x90\n[ 286.482046][ C0] ? kvm_clock_get_cycles+0x14/0x30\n[ 286.482769][ C0] ? ktime_get+0x66/0x150\n[ 286.483433][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.484146][ C0] tcp_rcv_established+0x6e4/0x2050\n[ 286.484857][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.485523][ C0] ? ipv4_dst_check+0x160/0x2b0\n[ 286.486203][ C0] ? __pfx_tcp_rcv_established+0x10/0x10\n[ 286.486917][ C0] ? lock_release+0x217/0x2c0\n[ 286.487595][ C0] tcp_v4_do_rcv+0x4d6/0x9b0\n[ 286.488279][ C0] tcp_v4_rcv+0x2af8/0x3e30\n[ 286.488904][ C0] ? raw_local_deliver+0x51b/0xad0\n[ 286.489551][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.490198][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10\n[ 286.490813][ C0] ? __pfx_raw_local_deliver+0x10/0x10\n[ 286.491487][ C0] ? __pfx_nf_confirm+0x10/0x10 [nf_conntrack]\n[ 286.492275][ C0] ? rcu_is_watching+0x11/0xb0\n[ 286.492900][ C0] ip_protocol_deliver_rcu+0x8f/0x370\n[ 286.493579][ C0] ip_local_deliver_finish+0x297/0x420\n[ 286.494268][ C0] ip_local_deliver+0x168/0x430\n[ 286.494867][ C0] ? __pfx_ip_local_deliver+0x10/0x10\n[ 286.495498][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10\n[ 286.496204][ C0] ? ip_rcv_finish_core+0x19a/0x1f20\n[ 286.496806][ C0] ? lock_release+0x217/0x2c0\n[ 286.497414][ C0] ip_rcv+0x455/0x6e0\n[ 286.497945][ C0] ? __pfx_ip_rcv+0x10/0x10\n[ \n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38035" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38024", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nRDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug\nCall Trace:\n\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x7d/0xa0 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:378 [inline]\nprint_report+0xcf/0x610 mm/kasan/report.c:489\nkasan_report+0xb5/0xe0 mm/kasan/report.c:602\nrxe_queue_cleanup+0xd0/0xe0 drivers/infiniband/sw/rxe/rxe_queue.c:195\nrxe_cq_cleanup+0x3f/0x50 drivers/infiniband/sw/rxe/rxe_cq.c:132\n__rxe_cleanup+0x168/0x300 drivers/infiniband/sw/rxe/rxe_pool.c:232\nrxe_create_cq+0x22e/0x3a0 drivers/infiniband/sw/rxe/rxe_verbs.c:1109\ncreate_cq+0x658/0xb90 drivers/infiniband/core/uverbs_cmd.c:1052\nib_uverbs_create_cq+0xc7/0x120 drivers/infiniband/core/uverbs_cmd.c:1095\nib_uverbs_write+0x969/0xc90 drivers/infiniband/core/uverbs_main.c:679\nvfs_write fs/read_write.c:677 [inline]\nvfs_write+0x26a/0xcc0 fs/read_write.c:659\nksys_write+0x1b8/0x200 fs/read_write.c:731\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xaa/0x1b0 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nIn the function rxe_create_cq, when rxe_cq_from_init fails, the function\nrxe_cleanup will be called to handle the allocated resources. In fact,\nsome memory resources have already been freed in the function\nrxe_cq_from_init. Thus, this problem will occur.\nThe solution is to let rxe_cleanup do all the work.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38024" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38065", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\norangefs: Do not truncate file size\n'len' is used to store the result of i_size_read(), so making 'len'\na size_t results in truncation to 4GiB on 32-bit systems.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38065" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38061", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: pktgen: fix access outside of user given buffer in pktgen_thread_write()\nHonour the user given buffer size for the strn_len() calls (otherwise\nstrn_len() will access memory outside of the user given buffer).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38061" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38086", "cwe": { "id": "CWE-908", "name": "Use of Uninitialized Resource" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: ch9200: fix uninitialised access during mii_nway_restart\nIn mii_nway_restart() the code attempts to call\nmii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read()\nutilises a local buffer called \"buff\", which is initialised\nwith control_read(). However \"buff\" is conditionally\ninitialised inside control_read():\nif (err == size) {\nmemcpy(data, buf, size);\n}\nIf the condition of \"err == size\" is not met, then\n\"buff\" remains uninitialised. Once this happens the\nuninitialised \"buff\" is accessed and returned during\nch9200_mdio_read():\nreturn (buff[0] | buff[1] << 8);\nThe problem stems from the fact that ch9200_mdio_read()\nignores the return value of control_read(), leading to\nuinit-access of \"buff\".\nTo fix this we should check the return value of\ncontrol_read() and return early on error.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38086" } ], "release_date": "2025-06-28T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38147", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ncalipso: Don't call calipso functions for AF_INET sk.\nsyzkaller reported a null-ptr-deref in txopt_get(). [0]\nThe offset 0x70 was of struct ipv6_txoptions in struct ipv6_pinfo,\nso struct ipv6_pinfo was NULL there.\nHowever, this never happens for IPv6 sockets as inet_sk(sk)->pinet6\nis always set in inet6_create(), meaning the socket was not IPv6 one.\nThe root cause is missing validation in netlbl_conn_setattr().\nnetlbl_conn_setattr() switches branches based on struct\nsockaddr.sa_family, which is passed from userspace. However,\nnetlbl_conn_setattr() does not check if the address family matches\nthe socket.\nThe syzkaller must have called connect() for an IPv6 address on\nan IPv4 socket.\nWe have a proper validation in tcp_v[46]_connect(), but\nsecurity_socket_connect() is called in the earlier stage.\nLet's copy the validation to netlbl_conn_setattr().\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 2 UID: 0 PID: 12928 Comm: syz.9.1677 Not tainted 6.12.0 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:txopt_get include/net/ipv6.h:390 [inline]\nRIP: 0010:\nCode: 02 00 00 49 8b ac 24 f8 02 00 00 e8 84 69 2a fd e8 ff 00 16 fd 48 8d 7d 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 53 02 00 00 48 8b 6d 70 48 85 ed 0f 84 ab 01 00\nRSP: 0018:ffff88811b8afc48 EFLAGS: 00010212\nRAX: dffffc0000000000 RBX: 1ffff11023715f8a RCX: ffffffff841ab00c\nRDX: 000000000000000e RSI: ffffc90007d9e000 RDI: 0000000000000070\nRBP: 0000000000000000 R08: ffffed1023715f9d R09: ffffed1023715f9e\nR10: ffffed1023715f9d R11: 0000000000000003 R12: ffff888123075f00\nR13: ffff88810245bd80 R14: ffff888113646780 R15: ffff888100578a80\nFS: 00007f9019bd7640(0000) GS:ffff8882d2d00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f901b927bac CR3: 0000000104788003 CR4: 0000000000770ef0\nPKRU: 80000000\nCall Trace:\n\ncalipso_sock_setattr+0x56/0x80 net/netlabel/netlabel_calipso.c:557\nnetlbl_conn_setattr+0x10c/0x280 net/netlabel/netlabel_kapi.c:1177\nselinux_netlbl_socket_connect_helper+0xd3/0x1b0 security/selinux/netlabel.c:569\nselinux_netlbl_socket_connect_locked security/selinux/netlabel.c:597 [inline]\nselinux_netlbl_socket_connect+0xb6/0x100 security/selinux/netlabel.c:615\nselinux_socket_connect+0x5f/0x80 security/selinux/hooks.c:4931\nsecurity_socket_connect+0x50/0xa0 security/security.c:4598\n__sys_connect_file+0xa4/0x190 net/socket.c:2067\n__sys_connect+0x12c/0x170 net/socket.c:2088\n__do_sys_connect net/socket.c:2098 [inline]\n__se_sys_connect net/socket.c:2095 [inline]\n__x64_sys_connect+0x73/0xb0 net/socket.c:2095\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xaa/0x1b0 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f901b61a12d\nCode: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f9019bd6fa8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 00007f901b925fa0 RCX: 00007f901b61a12d\nRDX: 000000000000001c RSI: 0000200000000140 RDI: 0000000000000003\nRBP: 00007f901b701505 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f901b5b62a0 R15: 00007f9019bb7000\n\nModules linked in:", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38147" } ], "release_date": "2025-07-03T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38136", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nusb: renesas_usbhs: Reorder clock handling and power management in probe\nReorder the initialization sequence in `usbhs_probe()` to enable runtime\nPM before accessing registers, preventing potential crashes due to\nuninitialized clocks.\nCurrently, in the probe path, registers are accessed before enabling the\nclocks, leading to a synchronous external abort on the RZ/V2H SoC.\nThe problematic call flow is as follows:\nusbhs_probe()\nusbhs_sys_clock_ctrl()\nusbhs_bset()\nusbhs_write()\niowrite16() <-- Register access before enabling clocks\nSince `iowrite16()` is performed without ensuring the required clocks are\nenabled, this can lead to access errors. To fix this, enable PM runtime\nearly in the probe function and ensure clocks are acquired before register\naccess, preventing crashes like the following on RZ/V2H:\n[13.272640] Internal error: synchronous external abort: 0000000096000010 [#1] PREEMPT SMP\n[13.280814] Modules linked in: cec renesas_usbhs(+) drm_kms_helper fuse drm backlight ipv6\n[13.289088] CPU: 1 UID: 0 PID: 195 Comm: (udev-worker) Not tainted 6.14.0-rc7+ #98\n[13.296640] Hardware name: Renesas RZ/V2H EVK Board based on r9a09g057h44 (DT)\n[13.303834] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[13.310770] pc : usbhs_bset+0x14/0x4c [renesas_usbhs]\n[13.315831] lr : usbhs_probe+0x2e4/0x5ac [renesas_usbhs]\n[13.321138] sp : ffff8000827e3850\n[13.324438] x29: ffff8000827e3860 x28: 0000000000000000 x27: ffff8000827e3ca0\n[13.331554] x26: ffff8000827e3ba0 x25: ffff800081729668 x24: 0000000000000025\n[13.338670] x23: ffff0000c0f08000 x22: 0000000000000000 x21: ffff0000c0f08010\n[13.345783] x20: 0000000000000000 x19: ffff0000c3b52080 x18: 00000000ffffffff\n[13.352895] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000827e36ce\n[13.360009] x14: 00000000000003d7 x13: 00000000000003d7 x12: 0000000000000000\n[13.367122] x11: 0000000000000000 x10: 0000000000000aa0 x9 : ffff8000827e3750\n[13.374235] x8 : ffff0000c1850b00 x7 : 0000000003826060 x6 : 000000000000001c\n[13.381347] x5 : 000000030d5fcc00 x4 : ffff8000825c0000 x3 : 0000000000000000\n[13.388459] x2 : 0000000000000400 x1 : 0000000000000000 x0 : ffff0000c3b52080\n[13.395574] Call trace:\n[13.398013] usbhs_bset+0x14/0x4c [renesas_usbhs] (P)\n[13.403076] platform_probe+0x68/0xdc\n[13.406738] really_probe+0xbc/0x2c0\n[13.410306] __driver_probe_device+0x78/0x120\n[13.414653] driver_probe_device+0x3c/0x154\n[13.418825] __driver_attach+0x90/0x1a0\n[13.422647] bus_for_each_dev+0x7c/0xe0\n[13.426470] driver_attach+0x24/0x30\n[13.430032] bus_add_driver+0xe4/0x208\n[13.433766] driver_register+0x68/0x130\n[13.437587] __platform_driver_register+0x24/0x30\n[13.442273] renesas_usbhs_driver_init+0x20/0x1000 [renesas_usbhs]\n[13.448450] do_one_initcall+0x60/0x1d4\n[13.452276] do_init_module+0x54/0x1f8\n[13.456014] load_module+0x1754/0x1c98\n[13.459750] init_module_from_file+0x88/0xcc\n[13.464004] __arm64_sys_finit_module+0x1c4/0x328\n[13.468689] invoke_syscall+0x48/0x104\n[13.472426] el0_svc_common.constprop.0+0xc0/0xe0\n[13.477113] do_el0_svc+0x1c/0x28\n[13.480415] el0_svc+0x30/0xcc\n[13.483460] el0t_64_sync_handler+0x10c/0x138\n[13.487800] el0t_64_sync+0x198/0x19c\n[13.491453] Code: 2a0103e1 12003c42 12003c63 8b010084 (79400084)\n[13.497522] ---[ end trace 0000000000000000 ]---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38136" } ], "release_date": "2025-07-03T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38181", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ncalipso: Fix null-ptr-deref in calipso_req_{set,del}attr().\nsyzkaller reported a null-ptr-deref in sock_omalloc() while allocating\na CALIPSO option. [0]\nThe NULL is of struct sock, which was fetched by sk_to_full_sk() in\ncalipso_req_setattr().\nSince commit a1a5344ddbe8 (\"tcp: avoid two atomic ops for syncookies\"),\nreqsk->rsk_listener could be NULL when SYN Cookie is returned to its\nclient, as hinted by the leading SYN Cookie log.\nHere are 3 options to fix the bug:\n1) Return 0 in calipso_req_setattr()\n2) Return an error in calipso_req_setattr()\n3) Alaways set rsk_listener\n1) is no go as it bypasses LSM, but 2) effectively disables SYN Cookie\nfor CALIPSO. 3) is also no go as there have been many efforts to reduce\natomic ops and make TCP robust against DDoS. See also commit 3b24d854cb35\n(\"tcp/dccp: do not touch listener sk_refcnt under synflood\").\nAs of the blamed commit, SYN Cookie already did not need refcounting,\nand no one has stumbled on the bug for 9 years, so no CALIPSO user will\ncare about SYN Cookie.\nLet's return an error in calipso_req_setattr() and calipso_req_delattr()\nin the SYN Cookie case.\nThis can be reproduced by [1] on Fedora and now connect() of nc times out.\n[0]:\nTCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\nCPU: 3 UID: 0 PID: 12262 Comm: syz.1.2611 Not tainted 6.14.0 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:read_pnet include/net/net_namespace.h:406 [inline]\nRIP: 0010:sock_net include/net/sock.h:655 [inline]\nRIP: 0010:sock_kmalloc+0x35/0x170 net/core/sock.c:2806\nCode: 89 d5 41 54 55 89 f5 53 48 89 fb e8 25 e3 c6 fd e8 f0 91 e3 00 48 8d 7b 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 26 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b\nRSP: 0018:ffff88811af89038 EFLAGS: 00010216\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff888105266400\nRDX: 0000000000000006 RSI: ffff88800c890000 RDI: 0000000000000030\nRBP: 0000000000000050 R08: 0000000000000000 R09: ffff88810526640e\nR10: ffffed1020a4cc81 R11: ffff88810526640f R12: 0000000000000000\nR13: 0000000000000820 R14: ffff888105266400 R15: 0000000000000050\nFS: 00007f0653a07640(0000) GS:ffff88811af80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f863ba096f4 CR3: 00000000163c0005 CR4: 0000000000770ef0\nPKRU: 80000000\nCall Trace:\n\nipv6_renew_options+0x279/0x950 net/ipv6/exthdrs.c:1288\ncalipso_req_setattr+0x181/0x340 net/ipv6/calipso.c:1204\ncalipso_req_setattr+0x56/0x80 net/netlabel/netlabel_calipso.c:597\nnetlbl_req_setattr+0x18a/0x440 net/netlabel/netlabel_kapi.c:1249\nselinux_netlbl_inet_conn_request+0x1fb/0x320 security/selinux/netlabel.c:342\nselinux_inet_conn_request+0x1eb/0x2c0 security/selinux/hooks.c:5551\nsecurity_inet_conn_request+0x50/0xa0 security/security.c:4945\ntcp_v6_route_req+0x22c/0x550 net/ipv6/tcp_ipv6.c:825\ntcp_conn_request+0xec8/0x2b70 net/ipv4/tcp_input.c:7275\ntcp_v6_conn_request+0x1e3/0x440 net/ipv6/tcp_ipv6.c:1328\ntcp_rcv_state_process+0xafa/0x52b0 net/ipv4/tcp_input.c:6781\ntcp_v6_do_rcv+0x8a6/0x1a40 net/ipv6/tcp_ipv6.c:1667\ntcp_v6_rcv+0x505e/0x5b50 net/ipv6/tcp_ipv6.c:1904\nip6_protocol_deliver_rcu+0x17c/0x1da0 net/ipv6/ip6_input.c:436\nip6_input_finish+0x103/0x180 net/ipv6/ip6_input.c:480\nNF_HOOK include/linux/netfilter.h:314 [inline]\nNF_HOOK include/linux/netfilter.h:308 [inline]\nip6_input+0x13c/0x6b0 net/ipv6/ip6_input.c:491\ndst_input include/net/dst.h:469 [inline]\nip6_rcv_finish net/ipv6/ip6_input.c:79 [inline]\nip6_rcv_finish+0xb6/0x490 net/ipv6/ip6_input.c:69\nNF_HOOK include/linux/netfilter.h:314 [inline]\nNF_HOOK include/linux/netf\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38181" } ], "release_date": "2025-07-04T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38222", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\next4: inline: fix len overflow in ext4_prepare_inline_data\nWhen running the following code on an ext4 filesystem with inline_data\nfeature enabled, it will lead to the bug below.\nfd = open(\"file1\", O_RDWR | O_CREAT | O_TRUNC, 0666);\nftruncate(fd, 30);\npwrite(fd, \"a\", 1, (1UL << 40) + 5UL);\nThat happens because write_begin will succeed as when\next4_generic_write_inline_data calls ext4_prepare_inline_data, pos + len\nwill be truncated, leading to ext4_prepare_inline_data parameter to be 6\ninstead of 0x10000000006.\nThen, later when write_end is called, we hit:\nBUG_ON(pos + len > EXT4_I(inode)->i_inline_size);\nat ext4_write_inline_data.\nFix it by using a loff_t type for the len parameter in\next4_prepare_inline_data instead of an unsigned int.\n[ 44.545164] ------------[ cut here ]------------\n[ 44.545530] kernel BUG at fs/ext4/inline.c:240!\n[ 44.545834] Oops: invalid opcode: 0000 [#1] SMP NOPTI\n[ 44.546172] CPU: 3 UID: 0 PID: 343 Comm: test Not tainted 6.15.0-rc2-00003-g9080916f4863 #45 PREEMPT(full) 112853fcebfdb93254270a7959841d2c6aa2c8bb\n[ 44.546523] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[ 44.546523] RIP: 0010:ext4_write_inline_data+0xfe/0x100\n[ 44.546523] Code: 3c 0e 48 83 c7 48 48 89 de 5b 41 5c 41 5d 41 5e 41 5f 5d e9 e4 fa 43 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 0f 0b <0f> 0b 0f 1f 44 00 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 20 49\n[ 44.546523] RSP: 0018:ffffb342008b79a8 EFLAGS: 00010216\n[ 44.546523] RAX: 0000000000000001 RBX: ffff9329c579c000 RCX: 0000010000000006\n[ 44.546523] RDX: 000000000000003c RSI: ffffb342008b79f0 RDI: ffff9329c158e738\n[ 44.546523] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000\n[ 44.546523] R10: 00007ffffffff000 R11: ffffffff9bd0d910 R12: 0000006210000000\n[ 44.546523] R13: fffffc7e4015e700 R14: 0000010000000005 R15: ffff9329c158e738\n[ 44.546523] FS: 00007f4299934740(0000) GS:ffff932a60179000(0000) knlGS:0000000000000000\n[ 44.546523] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 44.546523] CR2: 00007f4299a1ec90 CR3: 0000000002886002 CR4: 0000000000770eb0\n[ 44.546523] PKRU: 55555554\n[ 44.546523] Call Trace:\n[ 44.546523] \n[ 44.546523] ext4_write_inline_data_end+0x126/0x2d0\n[ 44.546523] generic_perform_write+0x17e/0x270\n[ 44.546523] ext4_buffered_write_iter+0xc8/0x170\n[ 44.546523] vfs_write+0x2be/0x3e0\n[ 44.546523] __x64_sys_pwrite64+0x6d/0xc0\n[ 44.546523] do_syscall_64+0x6a/0xf0\n[ 44.546523] ? __wake_up+0x89/0xb0\n[ 44.546523] ? xas_find+0x72/0x1c0\n[ 44.546523] ? next_uptodate_folio+0x317/0x330\n[ 44.546523] ? set_pte_range+0x1a6/0x270\n[ 44.546523] ? filemap_map_pages+0x6ee/0x840\n[ 44.546523] ? ext4_setattr+0x2fa/0x750\n[ 44.546523] ? do_pte_missing+0x128/0xf70\n[ 44.546523] ? security_inode_post_setattr+0x3e/0xd0\n[ 44.546523] ? ___pte_offset_map+0x19/0x100\n[ 44.546523] ? handle_mm_fault+0x721/0xa10\n[ 44.546523] ? do_user_addr_fault+0x197/0x730\n[ 44.546523] ? do_syscall_64+0x76/0xf0\n[ 44.546523] ? arch_exit_to_user_mode_prepare+0x1e/0x60\n[ 44.546523] ? irqentry_exit_to_user_mode+0x79/0x90\n[ 44.546523] entry_SYSCALL_64_after_hwframe+0x55/0x5d\n[ 44.546523] RIP: 0033:0x7f42999c6687\n[ 44.546523] Code: 48 89 fa 4c 89 df e8 58 b3 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff\n[ 44.546523] RSP: 002b:00007ffeae4a7930 EFLAGS: 00000202 ORIG_RAX: 0000000000000012\n[ 44.546523] RAX: ffffffffffffffda RBX: 00007f4299934740 RCX: 00007f42999c6687\n[ 44.546523] RDX: 0000000000000001 RSI: 000055ea6149200f RDI: 0000000000000003\n[ 44.546523] RBP: 00007ffeae4a79a0 R08: 0000000000000000 R09: 0000000000000000\n[ 44.546523] R10: 0000010000000005 R11: 0000000000000202 R12: 0000\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38222" } ], "release_date": "2025-07-04T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38219", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nf2fs: prevent kernel warning due to negative i_nlink from corrupted image\nWARNING: CPU: 1 PID: 9426 at fs/inode.c:417 drop_nlink+0xac/0xd0\nhome/cc/linux/fs/inode.c:417\nModules linked in:\nCPU: 1 UID: 0 PID: 9426 Comm: syz-executor568 Not tainted\n6.14.0-12627-g94d471a4f428 #2 PREEMPT(full)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nRIP: 0010:drop_nlink+0xac/0xd0 home/cc/linux/fs/inode.c:417\nCode: 48 8b 5d 28 be 08 00 00 00 48 8d bb 70 07 00 00 e8 f9 67 e6 ff\nf0 48 ff 83 70 07 00 00 5b 5d e9 9a 12 82 ff e8 95 12 82 ff 90\n<0f> 0b 90 c7 45 48 ff ff ff ff 5b 5d e9 83 12 82 ff e8 fe 5f e6\nff\nRSP: 0018:ffffc900026b7c28 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8239710f\nRDX: ffff888041345a00 RSI: ffffffff8239717b RDI: 0000000000000005\nRBP: ffff888054509ad0 R08: 0000000000000005 R09: 0000000000000000\nR10: 0000000000000000 R11: ffffffff9ab36f08 R12: ffff88804bb40000\nR13: ffff8880545091e0 R14: 0000000000008000 R15: ffff8880545091e0\nFS: 000055555d0c5880(0000) GS:ffff8880eb3e3000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f915c55b178 CR3: 0000000050d20000 CR4: 0000000000352ef0\nCall Trace:\n\nf2fs_i_links_write home/cc/linux/fs/f2fs/f2fs.h:3194 [inline]\nf2fs_drop_nlink+0xd1/0x3c0 home/cc/linux/fs/f2fs/dir.c:845\nf2fs_delete_entry+0x542/0x1450 home/cc/linux/fs/f2fs/dir.c:909\nf2fs_unlink+0x45c/0x890 home/cc/linux/fs/f2fs/namei.c:581\nvfs_unlink+0x2fb/0x9b0 home/cc/linux/fs/namei.c:4544\ndo_unlinkat+0x4c5/0x6a0 home/cc/linux/fs/namei.c:4608\n__do_sys_unlink home/cc/linux/fs/namei.c:4654 [inline]\n__se_sys_unlink home/cc/linux/fs/namei.c:4652 [inline]\n__x64_sys_unlink+0xc5/0x110 home/cc/linux/fs/namei.c:4652\ndo_syscall_x64 home/cc/linux/arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0xc7/0x250 home/cc/linux/arch/x86/entry/syscall_64.c:94\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fb3d092324b\nCode: 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66\n2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 57 00 00 00 0f 05\n<48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01\n48\nRSP: 002b:00007ffdc232d938 EFLAGS: 00000206 ORIG_RAX: 0000000000000057\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb3d092324b\nRDX: 00007ffdc232d960 RSI: 00007ffdc232d960 RDI: 00007ffdc232d9f0\nRBP: 00007ffdc232d9f0 R08: 0000000000000001 R09: 00007ffdc232d7c0\nR10: 00000000fffffffd R11: 0000000000000206 R12: 00007ffdc232eaf0\nR13: 000055555d0cebb0 R14: 00007ffdc232d958 R15: 0000000000000001\n", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38219" } ], "release_date": "2025-07-04T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38204", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\njfs: fix array-index-out-of-bounds read in add_missing_indices\nstbl is s8 but it must contain offsets into slot which can go from 0 to\n127.\nAdded a bound check for that error and return -EIO if the check fails.\nAlso make jfs_readdir return with error if add_missing_indices returns\nwith an error.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38204" } ], "release_date": "2025-07-04T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38203", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\njfs: Fix null-ptr-deref in jfs_ioc_trim\n[ Syzkaller Report ]\nOops: general protection fault, probably for non-canonical address\n0xdffffc0000000087: 0000 [#1\nKASAN: null-ptr-deref in range [0x0000000000000438-0x000000000000043f]\nCPU: 2 UID: 0 PID: 10614 Comm: syz-executor.0 Not tainted\n6.13.0-rc6-gfbfd64d25c7a-dirty #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nSched_ext: serialise (enabled+all), task: runnable_at=-30ms\nRIP: 0010:jfs_ioc_trim+0x34b/0x8f0\nCode: e7 e8 59 a4 87 fe 4d 8b 24 24 4d 8d bc 24 38 04 00 00 48 8d 93\n90 82 fe ff 4c 89 ff 31 f6\nRSP: 0018:ffffc900055f7cd0 EFLAGS: 00010206\nRAX: 0000000000000087 RBX: 00005866a9e67ff8 RCX: 000000000000000a\nRDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001\nRBP: dffffc0000000000 R08: ffff88807c180003 R09: 1ffff1100f830000\nR10: dffffc0000000000 R11: ffffed100f830001 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000438\nFS: 00007fe520225640(0000) GS:ffff8880b7e80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005593c91b2c88 CR3: 000000014927c000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\n? __die_body+0x61/0xb0\n? die_addr+0xb1/0xe0\n? exc_general_protection+0x333/0x510\n? asm_exc_general_protection+0x26/0x30\n? jfs_ioc_trim+0x34b/0x8f0\njfs_ioctl+0x3c8/0x4f0\n? __pfx_jfs_ioctl+0x10/0x10\n? __pfx_jfs_ioctl+0x10/0x10\n__se_sys_ioctl+0x269/0x350\n? __pfx___se_sys_ioctl+0x10/0x10\n? do_syscall_64+0xfb/0x210\ndo_syscall_64+0xee/0x210\n? syscall_exit_to_user_mode+0x1e0/0x330\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fe51f4903ad\nCode: c3 e8 a7 2b 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 89 f8 48\n89 f7 48 89 d6 48 89 ca 4d\nRSP: 002b:00007fe5202250c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007fe51f5cbf80 RCX: 00007fe51f4903ad\nRDX: 0000000020000680 RSI: 00000000c0185879 RDI: 0000000000000005\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007fe520225640\nR13: 000000000000000e R14: 00007fe51f44fca0 R15: 00007fe52021d000\n\nModules linked in:\n---[ end trace 0000000000000000 ]---\nRIP: 0010:jfs_ioc_trim+0x34b/0x8f0\nCode: e7 e8 59 a4 87 fe 4d 8b 24 24 4d 8d bc 24 38 04 00 00 48 8d 93\n90 82 fe ff 4c 89 ff 31 f6\nRSP: 0018:ffffc900055f7cd0 EFLAGS: 00010206\nRAX: 0000000000000087 RBX: 00005866a9e67ff8 RCX: 000000000000000a\nRDX: 0000000000000001 RSI: 0000000000000004 RDI: 0000000000000001\nRBP: dffffc0000000000 R08: ffff88807c180003 R09: 1ffff1100f830000\nR10: dffffc0000000000 R11: ffffed100f830001 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000438\nFS: 00007fe520225640(0000) GS:ffff8880b7e80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005593c91b2c88 CR3: 000000014927c000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nKernel panic - not syncing: Fatal exception\n[ Analysis ]\nWe believe that we have found a concurrency bug in the `fs/jfs` module\nthat results in a null pointer dereference. There is a closely related\nissue which has been fixed:\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d6c1b3599b2feb5c7291f5ac3a36e5fa7cedb234\n... but, unfortunately, the accepted patch appears to still be\nsusceptible to a null pointer dereference under some interleavings.\nTo trigger the bug, we think that `JFS_SBI(ipbmap->i_sb)->bmap` is set\nto NULL in `dbFreeBits` and then dereferenced in `jfs_ioc_trim`. This\nbug manifests quite rarely under normal circumstances, but is\ntriggereable from a syz-program.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38203" } ], "release_date": "2025-07-04T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38285", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nbpf: Fix WARN() in get_bpf_raw_tp_regs\nsyzkaller reported an issue:\nWARNING: CPU: 3 PID: 5971 at kernel/trace/bpf_trace.c:1861 get_bpf_raw_tp_regs+0xa4/0x100 kernel/trace/bpf_trace.c:1861\nModules linked in:\nCPU: 3 UID: 0 PID: 5971 Comm: syz-executor205 Not tainted 6.15.0-rc5-syzkaller-00038-g707df3375124 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:get_bpf_raw_tp_regs+0xa4/0x100 kernel/trace/bpf_trace.c:1861\nRSP: 0018:ffffc90003636fa8 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff81c6bc4c\nRDX: ffff888032efc880 RSI: ffffffff81c6bc83 RDI: 0000000000000005\nRBP: ffff88806a730860 R08: 0000000000000005 R09: 0000000000000003\nR10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000004\nR13: 0000000000000001 R14: ffffc90003637008 R15: 0000000000000900\nFS: 0000000000000000(0000) GS:ffff8880d6cdf000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7baee09130 CR3: 0000000029f5a000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\n____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1934 [inline]\nbpf_get_stack_raw_tp+0x24/0x160 kernel/trace/bpf_trace.c:1931\nbpf_prog_ec3b2eefa702d8d3+0x43/0x47\nbpf_dispatcher_nop_func include/linux/bpf.h:1316 [inline]\n__bpf_prog_run include/linux/filter.h:718 [inline]\nbpf_prog_run include/linux/filter.h:725 [inline]\n__bpf_trace_run kernel/trace/bpf_trace.c:2363 [inline]\nbpf_trace_run3+0x23f/0x5a0 kernel/trace/bpf_trace.c:2405\n__bpf_trace_mmap_lock_acquire_returned+0xfc/0x140 include/trace/events/mmap_lock.h:47\n__traceiter_mmap_lock_acquire_returned+0x79/0xc0 include/trace/events/mmap_lock.h:47\n__do_trace_mmap_lock_acquire_returned include/trace/events/mmap_lock.h:47 [inline]\ntrace_mmap_lock_acquire_returned include/trace/events/mmap_lock.h:47 [inline]\n__mmap_lock_do_trace_acquire_returned+0x138/0x1f0 mm/mmap_lock.c:35\n__mmap_lock_trace_acquire_returned include/linux/mmap_lock.h:36 [inline]\nmmap_read_trylock include/linux/mmap_lock.h:204 [inline]\nstack_map_get_build_id_offset+0x535/0x6f0 kernel/bpf/stackmap.c:157\n__bpf_get_stack+0x307/0xa10 kernel/bpf/stackmap.c:483\n____bpf_get_stack kernel/bpf/stackmap.c:499 [inline]\nbpf_get_stack+0x32/0x40 kernel/bpf/stackmap.c:496\n____bpf_get_stack_raw_tp kernel/trace/bpf_trace.c:1941 [inline]\nbpf_get_stack_raw_tp+0x124/0x160 kernel/trace/bpf_trace.c:1931\nbpf_prog_ec3b2eefa702d8d3+0x43/0x47\nTracepoint like trace_mmap_lock_acquire_returned may cause nested call\nas the corner case show above, which will be resolved with more general\nmethod in the future. As a result, WARN_ON_ONCE will be triggered. As\nAlexei suggested, remove the WARN_ON_ONCE first.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38285" } ], "release_date": "2025-07-10T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2025-38324", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nmpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().\nAs syzbot reported [0], mpls_route_input_rcu() can be called\nfrom mpls_getroute(), where is under RTNL.\nnet->mpls.platform_label is only updated under RTNL.\nLet's use rcu_dereference_rtnl() in mpls_route_input_rcu() to\nsilence the splat.\n[0]:\nWARNING: suspicious RCU usage\n6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 Not tainted\n----------------------------\nnet/mpls/af_mpls.c:84 suspicious rcu_dereference_check() usage!\nother info that might help us debug this:\nrcu_scheduler_active = 2, debug_locks = 1\n1 lock held by syz.2.4451/17730:\n#0: ffffffff9012a3e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock net/core/rtnetlink.c:80 [inline]\n#0: ffffffff9012a3e8 (rtnl_mutex){+.+.}-{4:4}, at: rtnetlink_rcv_msg+0x371/0xe90 net/core/rtnetlink.c:6961\nstack backtrace:\nCPU: 1 UID: 0 PID: 17730 Comm: syz.2.4451 Not tainted 6.15.0-rc7-syzkaller-00082-g5cdb2c77c4c3 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120\nlockdep_rcu_suspicious+0x166/0x260 kernel/locking/lockdep.c:6865\nmpls_route_input_rcu+0x1d4/0x200 net/mpls/af_mpls.c:84\nmpls_getroute+0x621/0x1ea0 net/mpls/af_mpls.c:2381\nrtnetlink_rcv_msg+0x3c9/0xe90 net/core/rtnetlink.c:6964\nnetlink_rcv_skb+0x16d/0x440 net/netlink/af_netlink.c:2534\nnetlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\nnetlink_unicast+0x53a/0x7f0 net/netlink/af_netlink.c:1339\nnetlink_sendmsg+0x8d1/0xdd0 net/netlink/af_netlink.c:1883\nsock_sendmsg_nosec net/socket.c:712 [inline]\n__sock_sendmsg net/socket.c:727 [inline]\n____sys_sendmsg+0xa98/0xc70 net/socket.c:2566\n___sys_sendmsg+0x134/0x1d0 net/socket.c:2620\n__sys_sendmmsg+0x200/0x420 net/socket.c:2709\n__do_sys_sendmmsg net/socket.c:2736 [inline]\n__se_sys_sendmmsg net/socket.c:2733 [inline]\n__x64_sys_sendmmsg+0x9c/0x100 net/socket.c:2733\ndo_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0xcd/0x230 arch/x86/entry/syscall_64.c:94\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f0a2818e969\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f0a28f52038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133\nRAX: ffffffffffffffda RBX: 00007f0a283b5fa0 RCX: 00007f0a2818e969\nRDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003\nRBP: 00007f0a28210ab1 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 00007f0a283b5fa0 R15: 00007ffce5e9f268\n", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38324" } ], "release_date": "2025-07-10T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38323", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: atm: add lec_mutex\nsyzbot found its way in net/atm/lec.c, and found an error path\nin lecd_attach() could leave a dangling pointer in dev_lec[].\nAdd a mutex to protect dev_lecp[] uses from lecd_attach(),\nlec_vcc_attach() and lec_mcast_attach().\nFollowing patch will use this mutex for /proc/net/atm/lec.\nBUG: KASAN: slab-use-after-free in lecd_attach net/atm/lec.c:751 [inline]\nBUG: KASAN: slab-use-after-free in lane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008\nRead of size 8 at addr ffff88807c7b8e68 by task syz.1.17/6142\nCPU: 1 UID: 0 PID: 6142 Comm: syz.1.17 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:408 [inline]\nprint_report+0xcd/0x680 mm/kasan/report.c:521\nkasan_report+0xe0/0x110 mm/kasan/report.c:634\nlecd_attach net/atm/lec.c:751 [inline]\nlane_ioctl+0x2224/0x23e0 net/atm/lec.c:1008\ndo_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\nsock_do_ioctl+0x118/0x280 net/socket.c:1190\nsock_ioctl+0x227/0x6b0 net/socket.c:1311\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_sys_ioctl fs/ioctl.c:907 [inline]\n__se_sys_ioctl fs/ioctl.c:893 [inline]\n__x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893\ndo_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nAllocated by task 6132:\nkasan_save_stack+0x33/0x60 mm/kasan/common.c:47\nkasan_save_track+0x14/0x30 mm/kasan/common.c:68\npoison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n__kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:394\nkasan_kmalloc include/linux/kasan.h:260 [inline]\n__do_kmalloc_node mm/slub.c:4328 [inline]\n__kvmalloc_node_noprof+0x27b/0x620 mm/slub.c:5015\nalloc_netdev_mqs+0xd2/0x1570 net/core/dev.c:11711\nlecd_attach net/atm/lec.c:737 [inline]\nlane_ioctl+0x17db/0x23e0 net/atm/lec.c:1008\ndo_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\nsock_do_ioctl+0x118/0x280 net/socket.c:1190\nsock_ioctl+0x227/0x6b0 net/socket.c:1311\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_sys_ioctl fs/ioctl.c:907 [inline]\n__se_sys_ioctl fs/ioctl.c:893 [inline]\n__x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893\ndo_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nFreed by task 6132:\nkasan_save_stack+0x33/0x60 mm/kasan/common.c:47\nkasan_save_track+0x14/0x30 mm/kasan/common.c:68\nkasan_save_free_info+0x3b/0x60 mm/kasan/generic.c:576\npoison_slab_object mm/kasan/common.c:247 [inline]\n__kasan_slab_free+0x51/0x70 mm/kasan/common.c:264\nkasan_slab_free include/linux/kasan.h:233 [inline]\nslab_free_hook mm/slub.c:2381 [inline]\nslab_free mm/slub.c:4643 [inline]\nkfree+0x2b4/0x4d0 mm/slub.c:4842\nfree_netdev+0x6c5/0x910 net/core/dev.c:11892\nlecd_attach net/atm/lec.c:744 [inline]\nlane_ioctl+0x1ce8/0x23e0 net/atm/lec.c:1008\ndo_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\nsock_do_ioctl+0x118/0x280 net/socket.c:1190\nsock_ioctl+0x227/0x6b0 net/socket.c:1311\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_sys_ioctl fs/ioctl.c:907 [inline]\n__se_sys_ioctl fs/ioctl.c:893 [inline]\n__x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:893", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38323" } ], "release_date": "2025-07-10T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38346", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nftrace: Fix UAF when lookup kallsym after ftrace disabled\nThe following issue happens with a buggy module:\nBUG: unable to handle page fault for address: ffffffffc05d0218\nPGD 1bd66f067 P4D 1bd66f067 PUD 1bd671067 PMD 101808067 PTE 0\nOops: Oops: 0000 [#1] SMP KASAN PTI\nTainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\nRIP: 0010:sized_strscpy+0x81/0x2f0\nRSP: 0018:ffff88812d76fa08 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffffffffc0601010 RCX: dffffc0000000000\nRDX: 0000000000000038 RSI: dffffc0000000000 RDI: ffff88812608da2d\nRBP: 8080808080808080 R08: ffff88812608da2d R09: ffff88812608da68\nR10: ffff88812608d82d R11: ffff88812608d810 R12: 0000000000000038\nR13: ffff88812608da2d R14: ffffffffc05d0218 R15: fefefefefefefeff\nFS: 00007fef552de740(0000) GS:ffff8884251c7000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffffffc05d0218 CR3: 00000001146f0000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\nftrace_mod_get_kallsym+0x1ac/0x590\nupdate_iter_mod+0x239/0x5b0\ns_next+0x5b/0xa0\nseq_read_iter+0x8c9/0x1070\nseq_read+0x249/0x3b0\nproc_reg_read+0x1b0/0x280\nvfs_read+0x17f/0x920\nksys_read+0xf3/0x1c0\ndo_syscall_64+0x5f/0x2e0\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nThe above issue may happen as follows:\n(1) Add kprobe tracepoint;\n(2) insmod test.ko;\n(3) Module triggers ftrace disabled;\n(4) rmmod test.ko;\n(5) cat /proc/kallsyms; --> Will trigger UAF as test.ko already removed;\nftrace_mod_get_kallsym()\n...\nstrscpy(module_name, mod_map->mod->name, MODULE_NAME_LEN);\n...\nThe problem is when a module triggers an issue with ftrace and\nsets ftrace_disable. The ftrace_disable is set when an anomaly is\ndiscovered and to prevent any more damage, ftrace stops all text\nmodification. The issue that happened was that the ftrace_disable stops\nmore than just the text modification.\nWhen a module is loaded, its init functions can also be traced. Because\nkallsyms deletes the init functions after a module has loaded, ftrace\nsaves them when the module is loaded and function tracing is enabled. This\nallows the output of the function trace to show the init function names\ninstead of just their raw memory addresses.\nWhen a module is removed, ftrace_release_mod() is called, and if\nftrace_disable is set, it just returns without doing anything more. The\nproblem here is that it leaves the mod_list still around and if kallsyms\nis called, it will call into this code and access the module memory that\nhas already been freed as it will return:\nstrscpy(module_name, mod_map->mod->name, MODULE_NAME_LEN);\nWhere the \"mod\" no longer exists and triggers a UAF bug.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38346" } ], "release_date": "2025-07-10T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38345", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nACPICA: fix acpi operand cache leak in dswstate.c\nACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732\nI found an ACPI cache leak in ACPI early termination and boot continuing case.\nWhen early termination occurs due to malicious ACPI table, Linux kernel\nterminates ACPI function and continues to boot process. While kernel terminates\nACPI function, kmem_cache_destroy() reports Acpi-Operand cache leak.\nBoot log of ACPI operand cache leak is as follows:\n>[ 0.585957] ACPI: Added _OSI(Module Device)\n>[ 0.587218] ACPI: Added _OSI(Processor Device)\n>[ 0.588530] ACPI: Added _OSI(3.0 _SCP Extensions)\n>[ 0.589790] ACPI: Added _OSI(Processor Aggregator Device)\n>[ 0.591534] ACPI Error: Illegal I/O port address/length above 64K: C806E00000004002/0x2 (20170303/hwvalid-155)\n>[ 0.594351] ACPI Exception: AE_LIMIT, Unable to initialize fixed events (20170303/evevent-88)\n>[ 0.597858] ACPI: Unable to start the ACPI Interpreter\n>[ 0.599162] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n>[ 0.601836] kmem_cache_destroy Acpi-Operand: Slab cache still has objects\n>[ 0.603556] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.0-rc5 #26\n>[ 0.605159] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS virtual_box 12/01/2006\n>[ 0.609177] Call Trace:\n>[ 0.610063] ? dump_stack+0x5c/0x81\n>[ 0.611118] ? kmem_cache_destroy+0x1aa/0x1c0\n>[ 0.612632] ? acpi_sleep_proc_init+0x27/0x27\n>[ 0.613906] ? acpi_os_delete_cache+0xa/0x10\n>[ 0.617986] ? acpi_ut_delete_caches+0x3f/0x7b\n>[ 0.619293] ? acpi_terminate+0xa/0x14\n>[ 0.620394] ? acpi_init+0x2af/0x34f\n>[ 0.621616] ? __class_create+0x4c/0x80\n>[ 0.623412] ? video_setup+0x7f/0x7f\n>[ 0.624585] ? acpi_sleep_proc_init+0x27/0x27\n>[ 0.625861] ? do_one_initcall+0x4e/0x1a0\n>[ 0.627513] ? kernel_init_freeable+0x19e/0x21f\n>[ 0.628972] ? rest_init+0x80/0x80\n>[ 0.630043] ? kernel_init+0xa/0x100\n>[ 0.631084] ? ret_from_fork+0x25/0x30\n>[ 0.633343] vgaarb: loaded\n>[ 0.635036] EDAC MC: Ver: 3.0.0\n>[ 0.638601] PCI: Probing PCI hardware\n>[ 0.639833] PCI host bridge to bus 0000:00\n>[ 0.641031] pci_bus 0000:00: root bus resource [io 0x0000-0xffff]\n> ... Continue to boot and log is omitted ...\nI analyzed this memory leak in detail and found acpi_ds_obj_stack_pop_and_\ndelete() function miscalculated the top of the stack. acpi_ds_obj_stack_push()\nfunction uses walk_state->operand_index for start position of the top, but\nacpi_ds_obj_stack_pop_and_delete() function considers index 0 for it.\nTherefore, this causes acpi operand memory leak.\nThis cache leak causes a security threat because an old kernel (<= 4.9) shows\nmemory locations of kernel functions in stack dump. Some malicious users\ncould use this information to neutralize kernel ASLR.\nI made a patch to fix ACPI operand cache leak.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38345" } ], "release_date": "2025-07-10T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38344", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nACPICA: fix acpi parse and parseext cache leaks\nACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5\nI'm Seunghun Han, and I work for National Security Research Institute of\nSouth Korea.\nI have been doing a research on ACPI and found an ACPI cache leak in ACPI\nearly abort cases.\nBoot log of ACPI cache leak is as follows:\n[ 0.352414] ACPI: Added _OSI(Module Device)\n[ 0.353182] ACPI: Added _OSI(Processor Device)\n[ 0.353182] ACPI: Added _OSI(3.0 _SCP Extensions)\n[ 0.353182] ACPI: Added _OSI(Processor Aggregator Device)\n[ 0.356028] ACPI: Unable to start the ACPI Interpreter\n[ 0.356799] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[ 0.360215] kmem_cache_destroy Acpi-State: Slab cache still has objects\n[ 0.360648] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #10\n[ 0.361273] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.361873] Call Trace:\n[ 0.362243] ? dump_stack+0x5c/0x81\n[ 0.362591] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.362944] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.363296] ? acpi_os_delete_cache+0xa/0x10\n[ 0.363646] ? acpi_ut_delete_caches+0x6d/0x7b\n[ 0.364000] ? acpi_terminate+0xa/0x14\n[ 0.364000] ? acpi_init+0x2af/0x34f\n[ 0.364000] ? __class_create+0x4c/0x80\n[ 0.364000] ? video_setup+0x7f/0x7f\n[ 0.364000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.364000] ? do_one_initcall+0x4e/0x1a0\n[ 0.364000] ? kernel_init_freeable+0x189/0x20a\n[ 0.364000] ? rest_init+0xc0/0xc0\n[ 0.364000] ? kernel_init+0xa/0x100\n[ 0.364000] ? ret_from_fork+0x25/0x30\nI analyzed this memory leak in detail. I found that “Acpi-State” cache and\n“Acpi-Parse” cache were merged because the size of cache objects was same\nslab cache size.\nI finally found “Acpi-Parse” cache and “Acpi-parse_ext” cache were leaked\nusing SLAB_NEVER_MERGE flag in kmem_cache_create() function.\nReal ACPI cache leak point is as follows:\n[ 0.360101] ACPI: Added _OSI(Module Device)\n[ 0.360101] ACPI: Added _OSI(Processor Device)\n[ 0.360101] ACPI: Added _OSI(3.0 _SCP Extensions)\n[ 0.361043] ACPI: Added _OSI(Processor Aggregator Device)\n[ 0.364016] ACPI: Unable to start the ACPI Interpreter\n[ 0.365061] ACPI Error: Could not remove SCI handler (20170303/evmisc-281)\n[ 0.368174] kmem_cache_destroy Acpi-Parse: Slab cache still has objects\n[ 0.369332] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #8\n[ 0.371256] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.372000] Call Trace:\n[ 0.372000] ? dump_stack+0x5c/0x81\n[ 0.372000] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.372000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.372000] ? acpi_os_delete_cache+0xa/0x10\n[ 0.372000] ? acpi_ut_delete_caches+0x56/0x7b\n[ 0.372000] ? acpi_terminate+0xa/0x14\n[ 0.372000] ? acpi_init+0x2af/0x34f\n[ 0.372000] ? __class_create+0x4c/0x80\n[ 0.372000] ? video_setup+0x7f/0x7f\n[ 0.372000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.372000] ? do_one_initcall+0x4e/0x1a0\n[ 0.372000] ? kernel_init_freeable+0x189/0x20a\n[ 0.372000] ? rest_init+0xc0/0xc0\n[ 0.372000] ? kernel_init+0xa/0x100\n[ 0.372000] ? ret_from_fork+0x25/0x30\n[ 0.388039] kmem_cache_destroy Acpi-parse_ext: Slab cache still has objects\n[ 0.389063] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W\n4.12.0-rc4-next-20170608+ #8\n[ 0.390557] Hardware name: innotek gmb_h virtual_box/virtual_box, BIOS\nvirtual_box 12/01/2006\n[ 0.392000] Call Trace:\n[ 0.392000] ? dump_stack+0x5c/0x81\n[ 0.392000] ? kmem_cache_destroy+0x1aa/0x1c0\n[ 0.392000] ? acpi_sleep_proc_init+0x27/0x27\n[ 0.392000] ? acpi_os_delete_cache+0xa/0x10\n[ 0.392000] ? acpi_ut_delete_caches+0x6d/0x7b\n[ 0.392000] ? acpi_terminate+0xa/0x14\n[ 0.392000] ? acpi_init+0x2af/0x3\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38344" } ], "release_date": "2025-07-10T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38337", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\njbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()\nSince handle->h_transaction may be a NULL pointer, so we should change it\nto call is_handle_aborted(handle) first before dereferencing it.\nAnd the following data-race was reported in my fuzzer:\n==================================================================\nBUG: KCSAN: data-race in jbd2_journal_dirty_metadata / jbd2_journal_dirty_metadata\nwrite to 0xffff888011024104 of 4 bytes by task 10881 on cpu 1:\njbd2_journal_dirty_metadata+0x2a5/0x770 fs/jbd2/transaction.c:1556\n__ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358\next4_do_update_inode fs/ext4/inode.c:5220 [inline]\next4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869\n__ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074\next4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103\n....\nread to 0xffff888011024104 of 4 bytes by task 10880 on cpu 0:\njbd2_journal_dirty_metadata+0xf2/0x770 fs/jbd2/transaction.c:1512\n__ext4_handle_dirty_metadata+0xe7/0x4b0 fs/ext4/ext4_jbd2.c:358\next4_do_update_inode fs/ext4/inode.c:5220 [inline]\next4_mark_iloc_dirty+0x32c/0xd50 fs/ext4/inode.c:5869\n__ext4_mark_inode_dirty+0xe1/0x450 fs/ext4/inode.c:6074\next4_dirty_inode+0x98/0xc0 fs/ext4/inode.c:6103\n....\nvalue changed: 0x00000000 -> 0x00000001\n==================================================================\nThis issue is caused by missing data-race annotation for jh->b_modified.\nTherefore, the missing annotation needs to be added.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38337" } ], "release_date": "2025-07-10T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38428", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nInput: ims-pcu - check record size in ims_pcu_flash_firmware()\nThe \"len\" variable comes from the firmware and we generally do\ntrust firmware, but it's always better to double check. If the \"len\"\nis too large it could result in memory corruption when we do\n\"memcpy(fragment->data, rec->data, len);\"", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38428" } ], "release_date": "2025-07-25T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38637", "cwe": { "id": "CWE-617", "name": "Reachable Assertion" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet_sched: skbprio: Remove overly strict queue assertions\nIn the current implementation, skbprio enqueue/dequeue contains an assertion\nthat fails under certain conditions when SKBPRIO is used as a child qdisc under\nTBF with specific parameters. The failure occurs because TBF sometimes peeks at\npackets in the child qdisc without actually dequeuing them when tokens are\nunavailable.\nThis peek operation creates a discrepancy between the parent and child qdisc\nqueue length counters. When TBF later receives a high-priority packet,\nSKBPRIO's queue length may show a different value than what's reflected in its\ninternal priority queue tracking, triggering the assertion.\nThe fix removes this overly strict assertions in SKBPRIO, they are not\nnecessary at all.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38637" } ], "release_date": "2025-04-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38498", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ndo_change_type(): refuse to operate on unmounted/not ours mounts\nEnsure that propagation settings can only be changed for mounts located\nin the caller's mount namespace. This change aligns permission checking\nwith the rest of mount(2).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38498" } ], "release_date": "2025-07-30T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38430", "cwe": { "id": "CWE-754", "name": "Improper Check for Unusual or Exceptional Conditions" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnfsd: nfsd4_spo_must_allow() must check this is a v4 compound request\nIf the request being processed is not a v4 compound request, then\nexamining the cstate can have undefined results.\nThis patch adds a check that the rpc procedure being executed\n(rq_procinfo) is the NFSPROC4_COMPOUND procedure.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38430" } ], "release_date": "2025-07-25T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38424", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nperf: Fix sample vs do_exit()\nBaisheng Gao reported an ARM64 crash, which Mark decoded as being a\nsynchronous external abort -- most likely due to trying to access\nMMIO in bad ways.\nThe crash further shows perf trying to do a user stack sample while in\nexit_mmap()'s tlb_finish_mmu() -- i.e. while tearing down the address\nspace it is trying to access.\nIt turns out that we stop perf after we tear down the userspace mm; a\nreceipie for disaster, since perf likes to access userspace for\nvarious reasons.\nFlip this order by moving up where we stop perf in do_exit().\nAdditionally, harden PERF_SAMPLE_CALLCHAIN and PERF_SAMPLE_STACK_USER\nto abort when the current task does not have an mm (exit_mm() makes\nsure to set current->mm = NULL; before commencing with the actual\nteardown). Such that CPU wide events don't trip on this same problem.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38424" } ], "release_date": "2025-07-25T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38420", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nwifi: carl9170: do not ping device which has failed to load firmware\nSyzkaller reports [1, 2] crashes caused by an attempts to ping\nthe device which has failed to load firmware. Since such a device\ndoesn't pass 'ieee80211_register_hw()', an internal workqueue\nmanaged by 'ieee80211_queue_work()' is not yet created and an\nattempt to queue work on it causes null-ptr-deref.\n[1] https://syzkaller.appspot.com/bug?extid=9a4aec827829942045ff\n[2] https://syzkaller.appspot.com/bug?extid=0d8afba53e8fb2633217", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38420" } ], "release_date": "2025-07-25T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38416", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nNFC: nci: uart: Set tty->disc_data only in success path\nSetting tty->disc_data before opening the NCI device means we need to\nclean it up on error paths. This also opens some short window if device\nstarts sending data, even before NCIUARTSETDRIVER IOCTL succeeded\n(broken hardware?). Close the window by exposing tty->disc_data only on\nthe success path, when opening of the NCI device and try_module_get()\nsucceeds.\nThe code differs in error path in one aspect: tty->disc_data won't be\never assigned thus NULL-ified. This however should not be relevant\ndifference, because of \"tty->disc_data=NULL\" in nci_uart_tty_open().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38416" } ], "release_date": "2025-07-25T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38415", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nSquashfs: check return result of sb_min_blocksize\nSyzkaller reports an \"UBSAN: shift-out-of-bounds in squashfs_bio_read\" bug.\nSyzkaller forks multiple processes which after mounting the Squashfs\nfilesystem, issues an ioctl(\"/dev/loop0\", LOOP_SET_BLOCK_SIZE, 0x8000). \nNow if this ioctl occurs at the same time another process is in the\nprocess of mounting a Squashfs filesystem on /dev/loop0, the failure\noccurs. When this happens the following code in squashfs_fill_super()\nfails.\n----\nmsblk->devblksize = sb_min_blocksize(sb, SQUASHFS_DEVBLK_SIZE);\nmsblk->devblksize_log2 = ffz(~msblk->devblksize);\n----\nsb_min_blocksize() returns 0, which means msblk->devblksize is set to 0.\nAs a result, ffz(~msblk->devblksize) returns 64, and msblk->devblksize_log2\nis set to 64.\nThis subsequently causes the\nUBSAN: shift-out-of-bounds in fs/squashfs/block.c:195:36\nshift exponent 64 is too large for 64-bit type 'u64' (aka\n'unsigned long long')\nThis commit adds a check for a 0 return by sb_min_blocksize().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38415" } ], "release_date": "2025-07-25T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38352", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nposix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()\nIf an exiting non-autoreaping task has already passed exit_notify() and\ncalls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent\nor debugger right after unlock_task_sighand().\nIf a concurrent posix_cpu_timer_del() runs at that moment, it won't be\nable to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or\nlock_task_sighand() will fail.\nAdd the tsk->exit_state check into run_posix_cpu_timers() to fix this.\nThis fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because\nexit_task_work() is called before exit_notify(). But the check still\nmakes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail\nanyway in this case.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38352" } ], "release_date": "2025-07-22T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38350", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet/sched: Always pass notifications when child class becomes empty\nCertain classful qdiscs may invoke their classes' dequeue handler on an\nenqueue operation. This may unexpectedly empty the child qdisc and thus\nmake an in-flight class passive via qlen_notify(). Most qdiscs do not\nexpect such behaviour at this point in time and may re-activate the\nclass eventually anyways which will lead to a use-after-free.\nThe referenced fix commit attempted to fix this behavior for the HFSC\ncase by moving the backlog accounting around, though this turned out to\nbe incomplete since the parent's parent may run into the issue too.\nThe following reproducer demonstrates this use-after-free:\ntc qdisc add dev lo root handle 1: drr\ntc filter add dev lo parent 1: basic classid 1:1\ntc class add dev lo parent 1: classid 1:1 drr\ntc qdisc add dev lo parent 1:1 handle 2: hfsc def 1\ntc class add dev lo parent 2: classid 2:1 hfsc rt m1 8 d 1 m2 0\ntc qdisc add dev lo parent 2:1 handle 3: netem\ntc qdisc add dev lo parent 3:1 handle 4: blackhole\necho 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\ntc class delete dev lo classid 1:1\necho 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\nSince backlog accounting issues leading to a use-after-frees on stale\nclass pointers is a recurring pattern at this point, this patch takes\na different approach. Instead of trying to fix the accounting, the patch\nensures that qdisc_tree_reduce_backlog always calls qlen_notify when\nthe child qdisc is empty. This solves the problem because deletion of\nqdiscs always involves a call to qdisc_reset() and / or\nqdisc_purge_queue() which ultimately resets its qlen to 0 thus causing\nthe following qdisc_tree_reduce_backlog() to report to the parent. Note\nthat this may call qlen_notify on passive classes multiple times. This\nis not a problem after the recent patch series that made all the\nclassful qdiscs qlen_notify() handlers idempotent.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38350" } ], "release_date": "2025-07-19T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38348", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nwifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()\nRobert Morris reported:\n|If a malicious USB device pretends to be an Intersil p54 wifi\n|interface and generates an eeprom_readback message with a large\n|eeprom->v1.len, p54_rx_eeprom_readback() will copy data from the\n|message beyond the end of priv->eeprom.\n|\n|static void p54_rx_eeprom_readback(struct p54_common *priv,\n| struct sk_buff *skb)\n|{\n| struct p54_hdr *hdr = (struct p54_hdr *) skb->data;\n| struct p54_eeprom_lm86 *eeprom = (struct p54_eeprom_lm86 *) hdr->data;\n|\n| if (priv->fw_var >= 0x509) {\n| memcpy(priv->eeprom, eeprom->v2.data,\n| le16_to_cpu(eeprom->v2.len));\n| } else {\n| memcpy(priv->eeprom, eeprom->v1.data,\n| le16_to_cpu(eeprom->v1.len));\n| }\n| [...]\nThe eeprom->v{1,2}.len is set by the driver in p54_download_eeprom().\nThe device is supposed to provide the same length back to the driver.\nBut yes, it's possible (like shown in the report) to alter the value\nto something that causes a crash/panic due to overrun.\nThis patch addresses the issue by adding the size to the common device\ncontext, so p54_rx_eeprom_readback no longer relies on possibly tampered\nvalues... That said, it also checks if the \"firmware\" altered the value\nand no longer copies them.\nThe one, small saving grace is: Before the driver tries to read the eeprom,\nit needs to upload >a< firmware. the vendor firmware has a proprietary\nlicense and as a reason, it is not present on most distributions by\ndefault.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38348" } ], "release_date": "2025-07-10T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38336", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330\nThe controller has a hardware bug that can hard hang the system when\ndoing ATAPI DMAs without any trace of what happened. Depending on the\ndevice attached, it can also prevent the system from booting.\nIn this case, the system hangs when reading the ATIP from optical media\nwith cdrecord -vvv -atip on an _NEC DVD_RW ND-4571A 1-01 and an\nOptiarc DVD RW AD-7200A 1.06 attached to an ASRock 990FX Extreme 4,\nrunning at UDMA/33.\nThe issue can be reproduced by running the same command with a cygwin\nbuild of cdrecord on WinXP, although it requires more attempts to cause\nit. The hang in that case is also resolved by forcing PIO. It doesn't\nappear that VIA has produced any drivers for that OS, thus no known\nworkaround exists.\nHDDs attached to the controller do not suffer from any DMA issues.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38336" } ], "release_date": "2025-07-10T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2025-38332", "cwe": { "id": "CWE-170", "name": "Improper Null Termination" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nscsi: lpfc: Use memcpy() for BIOS version\nThe strlcat() with FORTIFY support is triggering a panic because it\nthinks the target buffer will overflow although the correct target\nbuffer size is passed in.\nAnyway, instead of memset() with 0 followed by a strlcat(), just use\nmemcpy() and ensure that the resulting buffer is NULL terminated.\nBIOSVersion is only used for the lpfc_printf_log() which expects a\nproperly terminated string.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38332" } ], "release_date": "2025-07-10T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38328", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\njffs2: check jffs2_prealloc_raw_node_refs() result in few other places\nFuzzing hit another invalid pointer dereference due to the lack of\nchecking whether jffs2_prealloc_raw_node_refs() completed successfully.\nSubsequent logic implies that the node refs have been allocated.\nHandle that. The code is ready for propagating the error upwards.\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 5835 Comm: syz-executor145 Not tainted 5.10.234-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:jffs2_link_node_ref+0xac/0x690 fs/jffs2/nodelist.c:600\nCall Trace:\njffs2_mark_erased_block fs/jffs2/erase.c:460 [inline]\njffs2_erase_pending_blocks+0x688/0x1860 fs/jffs2/erase.c:118\njffs2_garbage_collect_pass+0x638/0x1a00 fs/jffs2/gc.c:253\njffs2_reserve_space+0x3f4/0xad0 fs/jffs2/nodemgmt.c:167\njffs2_write_inode_range+0x246/0xb50 fs/jffs2/write.c:362\njffs2_write_end+0x712/0x1110 fs/jffs2/file.c:302\ngeneric_perform_write+0x2c2/0x500 mm/filemap.c:3347\n__generic_file_write_iter+0x252/0x610 mm/filemap.c:3465\ngeneric_file_write_iter+0xdb/0x230 mm/filemap.c:3497\ncall_write_iter include/linux/fs.h:2039 [inline]\ndo_iter_readv_writev+0x46d/0x750 fs/read_write.c:740\ndo_iter_write+0x18c/0x710 fs/read_write.c:866\nvfs_writev+0x1db/0x6a0 fs/read_write.c:939\ndo_pwritev fs/read_write.c:1036 [inline]\n__do_sys_pwritev fs/read_write.c:1083 [inline]\n__se_sys_pwritev fs/read_write.c:1078 [inline]\n__x64_sys_pwritev+0x235/0x310 fs/read_write.c:1078\ndo_syscall_64+0x30/0x40 arch/x86/entry/common.c:46\nentry_SYSCALL_64_after_hwframe+0x67/0xd1\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38328" } ], "release_date": "2025-07-10T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38326", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\naoe: clean device rq_list in aoedev_downdev()\nAn aoe device's rq_list contains accepted block requests that are\nwaiting to be transmitted to the aoe target. This queue was added as\npart of the conversion to blk_mq. However, the queue was not cleaned out\nwhen an aoe device is downed which caused blk_mq_freeze_queue() to sleep\nindefinitely waiting for those requests to complete, causing a hang. This\nfix cleans out the queue before calling blk_mq_freeze_queue().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38326" } ], "release_date": "2025-07-10T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38320", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\narm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth()\nKASAN reports a stack-out-of-bounds read in regs_get_kernel_stack_nth().\nCall Trace:\n[ 97.283505] BUG: KASAN: stack-out-of-bounds in regs_get_kernel_stack_nth+0xa8/0xc8\n[ 97.284677] Read of size 8 at addr ffff800089277c10 by task 1.sh/2550\n[ 97.285732]\n[ 97.286067] CPU: 7 PID: 2550 Comm: 1.sh Not tainted 6.6.0+ #11\n[ 97.287032] Hardware name: linux,dummy-virt (DT)\n[ 97.287815] Call trace:\n[ 97.288279] dump_backtrace+0xa0/0x128\n[ 97.288946] show_stack+0x20/0x38\n[ 97.289551] dump_stack_lvl+0x78/0xc8\n[ 97.290203] print_address_description.constprop.0+0x84/0x3c8\n[ 97.291159] print_report+0xb0/0x280\n[ 97.291792] kasan_report+0x84/0xd0\n[ 97.292421] __asan_load8+0x9c/0xc0\n[ 97.293042] regs_get_kernel_stack_nth+0xa8/0xc8\n[ 97.293835] process_fetch_insn+0x770/0xa30\n[ 97.294562] kprobe_trace_func+0x254/0x3b0\n[ 97.295271] kprobe_dispatcher+0x98/0xe0\n[ 97.295955] kprobe_breakpoint_handler+0x1b0/0x210\n[ 97.296774] call_break_hook+0xc4/0x100\n[ 97.297451] brk_handler+0x24/0x78\n[ 97.298073] do_debug_exception+0xac/0x178\n[ 97.298785] el1_dbg+0x70/0x90\n[ 97.299344] el1h_64_sync_handler+0xcc/0xe8\n[ 97.300066] el1h_64_sync+0x78/0x80\n[ 97.300699] kernel_clone+0x0/0x500\n[ 97.301331] __arm64_sys_clone+0x70/0x90\n[ 97.302084] invoke_syscall+0x68/0x198\n[ 97.302746] el0_svc_common.constprop.0+0x11c/0x150\n[ 97.303569] do_el0_svc+0x38/0x50\n[ 97.304164] el0_svc+0x44/0x1d8\n[ 97.304749] el0t_64_sync_handler+0x100/0x130\n[ 97.305500] el0t_64_sync+0x188/0x190\n[ 97.306151]\n[ 97.306475] The buggy address belongs to stack of task 1.sh/2550\n[ 97.307461] and is located at offset 0 in frame:\n[ 97.308257] __se_sys_clone+0x0/0x138\n[ 97.308910]\n[ 97.309241] This frame has 1 object:\n[ 97.309873] [48, 184) 'args'\n[ 97.309876]\n[ 97.310749] The buggy address belongs to the virtual mapping at\n[ 97.310749] [ffff800089270000, ffff800089279000) created by:\n[ 97.310749] dup_task_struct+0xc0/0x2e8\n[ 97.313347]\n[ 97.313674] The buggy address belongs to the physical page:\n[ 97.314604] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14f69a\n[ 97.315885] flags: 0x15ffffe00000000(node=1|zone=2|lastcpupid=0xfffff)\n[ 97.316957] raw: 015ffffe00000000 0000000000000000 dead000000000122 0000000000000000\n[ 97.318207] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\n[ 97.319445] page dumped because: kasan: bad access detected\n[ 97.320371]\n[ 97.320694] Memory state around the buggy address:\n[ 97.321511] ffff800089277b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 97.322681] ffff800089277b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 97.323846] >ffff800089277c00: 00 00 f1 f1 f1 f1 f1 f1 00 00 00 00 00 00 00 00\n[ 97.325023] ^\n[ 97.325683] ffff800089277c80: 00 00 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3\n[ 97.326856] ffff800089277d00: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00\nThis issue seems to be related to the behavior of some gcc compilers and\nwas also fixed on the s390 architecture before:\ncommit d93a855c31b7 (\"s390/ptrace: Avoid KASAN false positives in regs_get_kernel_stack_nth()\")\nAs described in that commit, regs_get_kernel_stack_nth() has confirmed that\n`addr` is on the stack, so reading the value at `*addr` should be allowed.\nUse READ_ONCE_NOCHECK() helper to silence the KASAN check for this case.\n[will: Use '*addr' as the argument to READ_ONCE_NOCHECK()]", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38320" } ], "release_date": "2025-07-10T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38313", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nbus: fsl-mc: fix double-free on mc_dev\nThe blamed commit tried to simplify how the deallocations are done but,\nin the process, introduced a double-free on the mc_dev variable.\nIn case the MC device is a DPRC, a new mc_bus is allocated and the\nmc_dev variable is just a reference to one of its fields. In this\ncircumstance, on the error path only the mc_bus should be freed.\nThis commit introduces back the following checkpatch warning which is a\nfalse-positive.\nWARNING: kfree(NULL) is safe and this check is probably not required\n+ if (mc_bus)\n+ kfree(mc_bus);", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38313" } ], "release_date": "2025-07-10T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38312", "cwe": { "id": "CWE-369", "name": "Divide By Zero" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nfbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()\nIn fb_find_mode_cvt(), iff mode->refresh somehow happens to be 0x80000000,\ncvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It's\nthen passed to fb_cvt_hperiod(), where it's used as a divider -- division\nby 0 will result in kernel oops. Add a sanity check for cvt.f_refresh to\navoid such overflow...\nFound by Linux Verification Center (linuxtesting.org) with the Svace static\nanalysis tool.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38312" } ], "release_date": "2025-07-10T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38298", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nEDAC/skx_common: Fix general protection fault\nAfter loading i10nm_edac (which automatically loads skx_edac_common), if\nunload only i10nm_edac, then reload it and perform error injection testing,\na general protection fault may occur:\nmce: [Hardware Error]: Machine check events logged\nOops: general protection fault ...\n...\nWorkqueue: events mce_gen_pool_process\nRIP: 0010:string+0x53/0xe0\n...\nCall Trace:\n\n? die_addr+0x37/0x90\n? exc_general_protection+0x1e7/0x3f0\n? asm_exc_general_protection+0x26/0x30\n? string+0x53/0xe0\nvsnprintf+0x23e/0x4c0\nsnprintf+0x4d/0x70\nskx_adxl_decode+0x16a/0x330 [skx_edac_common]\nskx_mce_check_error.part.0+0xf8/0x220 [skx_edac_common]\nskx_mce_check_error+0x17/0x20 [skx_edac_common]\n...\nThe issue arose was because the variable 'adxl_component_count' (inside\nskx_edac_common), which counts the ADXL components, was not reset. During\nthe reloading of i10nm_edac, the count was incremented by the actual number\nof ADXL components again, resulting in a count that was double the real\nnumber of ADXL components. This led to an out-of-bounds reference to the\nADXL component array, causing the general protection fault above.\nFix this issue by resetting the 'adxl_component_count' in adxl_put(),\nwhich is called during the unloading of {skx,i10nm}_edac.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38298" } ], "release_date": "2025-07-10T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38286", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\npinctrl: at91: Fix possible out-of-boundary access\nat91_gpio_probe() doesn't check that given OF alias is not available or\nsomething went wrong when trying to get it. This might have consequences\nwhen accessing gpio_chips array with that value as an index. Note, that\nBUG() can be compiled out and hence won't actually perform the required\nchecks.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38286" } ], "release_date": "2025-07-10T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38237", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nmedia: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode()\nIn fimc_is_hw_change_mode(), the function changes camera modes without\nwaiting for hardware completion, risking corrupted data or system hangs\nif subsequent operations proceed before the hardware is ready.\nAdd fimc_is_hw_wait_intmsr0_intmsd0() after mode configuration, ensuring\nhardware state synchronization and stable interrupt handling.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38237" } ], "release_date": "2025-07-08T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38214", "cwe": { "id": "CWE-459", "name": "Incomplete Cleanup" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nfbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var\nIf fb_add_videomode() in fb_set_var() fails to allocate memory for\nfb_videomode, later it may lead to a null-ptr dereference in\nfb_videomode_to_var(), as the fb_info is registered while not having the\nmode in modelist that is expected to be there, i.e. the one that is\ndescribed in fb_info->var.\n================================================================\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\nCPU: 1 PID: 30371 Comm: syz-executor.1 Not tainted 5.10.226-syzkaller #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:fb_videomode_to_var+0x24/0x610 drivers/video/fbdev/core/modedb.c:901\nCall Trace:\ndisplay_to_var+0x3a/0x7c0 drivers/video/fbdev/core/fbcon.c:929\nfbcon_resize+0x3e2/0x8f0 drivers/video/fbdev/core/fbcon.c:2071\nresize_screen drivers/tty/vt/vt.c:1176 [inline]\nvc_do_resize+0x53a/0x1170 drivers/tty/vt/vt.c:1263\nfbcon_modechanged+0x3ac/0x6e0 drivers/video/fbdev/core/fbcon.c:2720\nfbcon_update_vcs+0x43/0x60 drivers/video/fbdev/core/fbcon.c:2776\ndo_fb_ioctl+0x6d2/0x740 drivers/video/fbdev/core/fbmem.c:1128\nfb_ioctl+0xe7/0x150 drivers/video/fbdev/core/fbmem.c:1203\nvfs_ioctl fs/ioctl.c:48 [inline]\n__do_sys_ioctl fs/ioctl.c:753 [inline]\n__se_sys_ioctl fs/ioctl.c:739 [inline]\n__x64_sys_ioctl+0x19a/0x210 fs/ioctl.c:739\ndo_syscall_64+0x33/0x40 arch/x86/entry/common.c:46\nentry_SYSCALL_64_after_hwframe+0x67/0xd1\n================================================================\nThe reason is that fb_info->var is being modified in fb_set_var(), and\nthen fb_videomode_to_var() is called. If it fails to add the mode to\nfb_info->modelist, fb_set_var() returns error, but does not restore the\nold value of fb_info->var. Restore fb_info->var on failure the same way\nit is done earlier in the function.\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38214" } ], "release_date": "2025-07-04T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38213", "notes": [ { "category": "description", "text": "[REJECTED CVE] In the Linux kernel, the following vulnerability has been resolved:\nvgacon: Add check for vc_origin address range in vgacon_scroll()", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38213" } ], "release_date": "2025-07-04T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38212", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nipc: fix to protect IPCS lookups using RCU\nsyzbot reported that it discovered a use-after-free vulnerability, [0]\n[0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/\nidr_for_each() is protected by rwsem, but this is not enough. If it is\nnot protected by RCU read-critical region, when idr_for_each() calls\nradix_tree_node_free() through call_rcu() to free the radix_tree_node\nstructure, the node will be freed immediately, and when reading the next\nnode in radix_tree_for_each_slot(), the already freed memory may be read.\nTherefore, we need to add code to make sure that idr_for_each() is\nprotected within the RCU read-critical region when we call it in\nshm_destroy_orphaned().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38212" } ], "release_date": "2025-07-04T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38200", "cwe": { "id": "CWE-191", "name": "Integer Underflow (Wrap or Wraparound)" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ni40e: fix MMIO write access to an invalid page in i40e_clear_hw\nWhen the device sends a specific input, an integer underflow can occur, leading\nto MMIO write access to an invalid page.\nPrevent the integer underflow by changing the type of related variables.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38200" } ], "release_date": "2025-07-04T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38194", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\njffs2: check that raw node were preallocated before writing summary\nSyzkaller detected a kernel bug in jffs2_link_node_ref, caused by fault\ninjection in jffs2_prealloc_raw_node_refs. jffs2_sum_write_sumnode doesn't\ncheck return value of jffs2_prealloc_raw_node_refs and simply lets any\nerror propagate into jffs2_sum_write_data, which eventually calls\njffs2_link_node_ref in order to link the summary to an expectedly allocated\nnode.\nkernel BUG at fs/jffs2/nodelist.c:592!\ninvalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 1 PID: 31277 Comm: syz-executor.7 Not tainted 6.1.128-syzkaller-00139-ge10f83ca10a1 #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:jffs2_link_node_ref+0x570/0x690 fs/jffs2/nodelist.c:592\nCall Trace:\n\njffs2_sum_write_data fs/jffs2/summary.c:841 [inline]\njffs2_sum_write_sumnode+0xd1a/0x1da0 fs/jffs2/summary.c:874\njffs2_do_reserve_space+0xa18/0xd60 fs/jffs2/nodemgmt.c:388\njffs2_reserve_space+0x55f/0xaa0 fs/jffs2/nodemgmt.c:197\njffs2_write_inode_range+0x246/0xb50 fs/jffs2/write.c:362\njffs2_write_end+0x726/0x15d0 fs/jffs2/file.c:301\ngeneric_perform_write+0x314/0x5d0 mm/filemap.c:3856\n__generic_file_write_iter+0x2ae/0x4d0 mm/filemap.c:3973\ngeneric_file_write_iter+0xe3/0x350 mm/filemap.c:4005\ncall_write_iter include/linux/fs.h:2265 [inline]\ndo_iter_readv_writev+0x20f/0x3c0 fs/read_write.c:735\ndo_iter_write+0x186/0x710 fs/read_write.c:861\nvfs_iter_write+0x70/0xa0 fs/read_write.c:902\niter_file_splice_write+0x73b/0xc90 fs/splice.c:685\ndo_splice_from fs/splice.c:763 [inline]\ndirect_splice_actor+0x10c/0x170 fs/splice.c:950\nsplice_direct_to_actor+0x337/0xa10 fs/splice.c:896\ndo_splice_direct+0x1a9/0x280 fs/splice.c:1002\ndo_sendfile+0xb13/0x12c0 fs/read_write.c:1255\n__do_sys_sendfile64 fs/read_write.c:1323 [inline]\n__se_sys_sendfile64 fs/read_write.c:1309 [inline]\n__x64_sys_sendfile64+0x1cf/0x210 fs/read_write.c:1309\ndo_syscall_x64 arch/x86/entry/common.c:51 [inline]\ndo_syscall_64+0x35/0x80 arch/x86/entry/common.c:81\nentry_SYSCALL_64_after_hwframe+0x6e/0xd8\nFix this issue by checking return value of jffs2_prealloc_raw_node_refs\nbefore calling jffs2_sum_write_data.\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38194" } ], "release_date": "2025-07-04T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38190", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\natm: Revert atm_account_tx() if copy_from_iter_full() fails.\nIn vcc_sendmsg(), we account skb->truesize to sk->sk_wmem_alloc by\natm_account_tx().\nIt is expected to be reverted by atm_pop_raw() later called by\nvcc->dev->ops->send(vcc, skb).\nHowever, vcc_sendmsg() misses the same revert when copy_from_iter_full()\nfails, and then we will leak a socket.\nLet's factorise the revert part as atm_return_tx() and call it in\nthe failure path.\nNote that the corresponding sk_wmem_alloc operation can be found in\nalloc_tx() as of the blamed commit.\n$ git blame -L:alloc_tx net/atm/common.c c55fa3cccbc2c~", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38190" } ], "release_date": "2025-07-04T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38185", "cwe": { "id": "CWE-908", "name": "Use of Uninitialized Resource" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\natm: atmtcp: Free invalid length skb in atmtcp_c_send().\nsyzbot reported the splat below. [0]\nvcc_sendmsg() copies data passed from userspace to skb and passes\nit to vcc->dev->ops->send().\natmtcp_c_send() accesses skb->data as struct atmtcp_hdr after\nchecking if skb->len is 0, but it's not enough.\nAlso, when skb->len == 0, skb and sk (vcc) were leaked because\ndev_kfree_skb() is not called and sk_wmem_alloc adjustment is missing\nto revert atm_account_tx() in vcc_sendmsg(), which is expected\nto be done in atm_pop_raw().\nLet's properly free skb with an invalid length in atmtcp_c_send().\n[0]:\nBUG: KMSAN: uninit-value in atmtcp_c_send+0x255/0xed0 drivers/atm/atmtcp.c:294\natmtcp_c_send+0x255/0xed0 drivers/atm/atmtcp.c:294\nvcc_sendmsg+0xd7c/0xff0 net/atm/common.c:644\nsock_sendmsg_nosec net/socket.c:712 [inline]\n__sock_sendmsg+0x330/0x3d0 net/socket.c:727\n____sys_sendmsg+0x7e0/0xd80 net/socket.c:2566\n___sys_sendmsg+0x271/0x3b0 net/socket.c:2620\n__sys_sendmsg net/socket.c:2652 [inline]\n__do_sys_sendmsg net/socket.c:2657 [inline]\n__se_sys_sendmsg net/socket.c:2655 [inline]\n__x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2655\nx64_sys_call+0x32fb/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:47\ndo_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nUninit was created at:\nslab_post_alloc_hook mm/slub.c:4154 [inline]\nslab_alloc_node mm/slub.c:4197 [inline]\nkmem_cache_alloc_node_noprof+0x818/0xf00 mm/slub.c:4249\nkmalloc_reserve+0x13c/0x4b0 net/core/skbuff.c:579\n__alloc_skb+0x347/0x7d0 net/core/skbuff.c:670\nalloc_skb include/linux/skbuff.h:1336 [inline]\nvcc_sendmsg+0xb40/0xff0 net/atm/common.c:628\nsock_sendmsg_nosec net/socket.c:712 [inline]\n__sock_sendmsg+0x330/0x3d0 net/socket.c:727\n____sys_sendmsg+0x7e0/0xd80 net/socket.c:2566\n___sys_sendmsg+0x271/0x3b0 net/socket.c:2620\n__sys_sendmsg net/socket.c:2652 [inline]\n__do_sys_sendmsg net/socket.c:2657 [inline]\n__se_sys_sendmsg net/socket.c:2655 [inline]\n__x64_sys_sendmsg+0x211/0x3e0 net/socket.c:2655\nx64_sys_call+0x32fb/0x3db0 arch/x86/include/generated/asm/syscalls_64.h:47\ndo_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0xd9/0x210 arch/x86/entry/syscall_64.c:94\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nCPU: 1 UID: 0 PID: 5798 Comm: syz-executor192 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(undef)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38185" } ], "release_date": "2025-07-04T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38184", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ntipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer\nThe reproduction steps:\n1. create a tun interface\n2. enable l2 bearer\n3. TIPC_NL_UDP_GET_REMOTEIP with media name set to tun\ntipc: Started in network mode\ntipc: Node identity 8af312d38a21, cluster identity 4711\ntipc: Enabled bearer , priority 1\nOops: general protection fault\nKASAN: null-ptr-deref in range\nCPU: 1 UID: 1000 PID: 559 Comm: poc Not tainted 6.16.0-rc1+ #117 PREEMPT\nHardware name: QEMU Ubuntu 24.04 PC\nRIP: 0010:tipc_udp_nl_dump_remoteip+0x4a4/0x8f0\nthe ub was in fact a struct dev.\nwhen bid != 0 && skip_cnt != 0, bearer_list[bid] may be NULL or\nother media when other thread changes it.\nfix this by checking media_id.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38184" } ], "release_date": "2025-07-04T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38180", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: atm: fix /proc/net/atm/lec handling\n/proc/net/atm/lec must ensure safety against dev_lec[] changes.\nIt appears it had dev_put() calls without prior dev_hold(),\nleading to imbalance and UAF.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38180" } ], "release_date": "2025-07-04T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38174", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nthunderbolt: Do not double dequeue a configuration request\nSome of our devices crash in tb_cfg_request_dequeue():\ngeneral protection fault, probably for non-canonical address 0xdead000000000122\nCPU: 6 PID: 91007 Comm: kworker/6:2 Tainted: G U W 6.6.65\nRIP: 0010:tb_cfg_request_dequeue+0x2d/0xa0\nCall Trace:\n\n? tb_cfg_request_dequeue+0x2d/0xa0\ntb_cfg_request_work+0x33/0x80\nworker_thread+0x386/0x8f0\nkthread+0xed/0x110\nret_from_fork+0x38/0x50\nret_from_fork_asm+0x1b/0x30\nThe circumstances are unclear, however, the theory is that\ntb_cfg_request_work() can be scheduled twice for a request:\nfirst time via frame.callback from ring_work() and second\ntime from tb_cfg_request(). Both times kworkers will execute\ntb_cfg_request_dequeue(), which results in double list_del()\nfrom the ctl->request_queue (the list poison deference hints\nat it: 0xdead000000000122).\nDo not dequeue requests that don't have TB_CFG_REQUEST_ACTIVE\nbit set.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38174" } ], "release_date": "2025-07-04T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38173", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ncrypto: marvell/cesa - Handle zero-length skcipher requests\nDo not access random memory for zero-length skcipher requests.\nJust return 0.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38173" } ], "release_date": "2025-07-03T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38163", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nf2fs: fix to do sanity check on sbi->total_valid_block_count\nsyzbot reported a f2fs bug as below:\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/f2fs.h:2521!\nRIP: 0010:dec_valid_block_count+0x3b2/0x3c0 fs/f2fs/f2fs.h:2521\nCall Trace:\nf2fs_truncate_data_blocks_range+0xc8c/0x11a0 fs/f2fs/file.c:695\ntruncate_dnode+0x417/0x740 fs/f2fs/node.c:973\ntruncate_nodes+0x3ec/0xf50 fs/f2fs/node.c:1014\nf2fs_truncate_inode_blocks+0x8e3/0x1370 fs/f2fs/node.c:1197\nf2fs_do_truncate_blocks+0x840/0x12b0 fs/f2fs/file.c:810\nf2fs_truncate_blocks+0x10d/0x300 fs/f2fs/file.c:838\nf2fs_truncate+0x417/0x720 fs/f2fs/file.c:888\nf2fs_setattr+0xc4f/0x12f0 fs/f2fs/file.c:1112\nnotify_change+0xbca/0xe90 fs/attr.c:552\ndo_truncate+0x222/0x310 fs/open.c:65\nhandle_truncate fs/namei.c:3466 [inline]\ndo_open fs/namei.c:3849 [inline]\npath_openat+0x2e4f/0x35d0 fs/namei.c:4004\ndo_filp_open+0x284/0x4e0 fs/namei.c:4031\ndo_sys_openat2+0x12b/0x1d0 fs/open.c:1429\ndo_sys_open fs/open.c:1444 [inline]\n__do_sys_creat fs/open.c:1522 [inline]\n__se_sys_creat fs/open.c:1516 [inline]\n__x64_sys_creat+0x124/0x170 fs/open.c:1516\ndo_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0xf3/0x230 arch/x86/entry/syscall_64.c:94\nThe reason is: in fuzzed image, sbi->total_valid_block_count is\ninconsistent w/ mapped blocks indexed by inode, so, we should\nnot trigger panic for such case, instead, let's print log and\nset fsck flag.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38163" } ], "release_date": "2025-07-03T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38157", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nwifi: ath9k_htc: Abort software beacon handling if disabled\nA malicious USB device can send a WMI_SWBA_EVENTID event from an\nath9k_htc-managed device before beaconing has been enabled. This causes\na device-by-zero error in the driver, leading to either a crash or an\nout of bounds read.\nPrevent this by aborting the handling in ath9k_htc_swba() if beacons are\nnot enabled.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38157" } ], "release_date": "2025-07-03T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38153", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: usb: aqc111: fix error handling of usbnet read calls\nSyzkaller, courtesy of syzbot, identified an error (see report [1]) in\naqc111 driver, caused by incomplete sanitation of usb read calls'\nresults. This problem is quite similar to the one fixed in commit\n920a9fa27e78 (\"net: asix: add proper error handling of usb read errors\").\nFor instance, usbnet_read_cmd() may read fewer than 'size' bytes,\neven if the caller expected the full amount, and aqc111_read_cmd()\nwill not check its result properly. As [1] shows, this may lead\nto MAC address in aqc111_bind() being only partly initialized,\ntriggering KMSAN warnings.\nFix the issue by verifying that the number of bytes read is\nas expected and not less.\n[1] Partial syzbot report:\nBUG: KMSAN: uninit-value in is_valid_ether_addr include/linux/etherdevice.h:208 [inline]\nBUG: KMSAN: uninit-value in usbnet_probe+0x2e57/0x4390 drivers/net/usb/usbnet.c:1830\nis_valid_ether_addr include/linux/etherdevice.h:208 [inline]\nusbnet_probe+0x2e57/0x4390 drivers/net/usb/usbnet.c:1830\nusb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\ncall_driver_probe drivers/base/dd.c:-1 [inline]\nreally_probe+0x4d1/0xd90 drivers/base/dd.c:658\n__driver_probe_device+0x268/0x380 drivers/base/dd.c:800\n...\nUninit was stored to memory at:\ndev_addr_mod+0xb0/0x550 net/core/dev_addr_lists.c:582\n__dev_addr_set include/linux/netdevice.h:4874 [inline]\neth_hw_addr_set include/linux/etherdevice.h:325 [inline]\naqc111_bind+0x35f/0x1150 drivers/net/usb/aqc111.c:717\nusbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772\nusb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\n...\nUninit was stored to memory at:\nether_addr_copy include/linux/etherdevice.h:305 [inline]\naqc111_read_perm_mac drivers/net/usb/aqc111.c:663 [inline]\naqc111_bind+0x794/0x1150 drivers/net/usb/aqc111.c:713\nusbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772\nusb_probe_interface+0xd01/0x1310 drivers/usb/core/driver.c:396\ncall_driver_probe drivers/base/dd.c:-1 [inline]\n...\nLocal variable buf.i created at:\naqc111_read_perm_mac drivers/net/usb/aqc111.c:656 [inline]\naqc111_bind+0x221/0x1150 drivers/net/usb/aqc111.c:713\nusbnet_probe+0xbe6/0x4390 drivers/net/usb/usbnet.c:1772", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38153" } ], "release_date": "2025-07-03T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38145", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nsoc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\naspeed_lpc_enable_snoop() does not check for this case, which results in a\nNULL pointer dereference.\nAdd NULL check after devm_kasprintf() to prevent this issue.\n[arj: Fix Fixes: tag to use subject from 3772e5da4454]", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38145" } ], "release_date": "2025-07-03T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38135", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nserial: Fix potential null-ptr-deref in mlb_usio_probe()\ndevm_ioremap() can return NULL on error. Currently, mlb_usio_probe()\ndoes not check for this case, which could result in a NULL pointer\ndereference.\nAdd NULL check after devm_ioremap() to prevent this issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38135" } ], "release_date": "2025-07-03T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38115", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet_sched: sch_sfq: fix a potential crash on gso_skb handling\nSFQ has an assumption of always being able to queue at least one packet.\nHowever, after the blamed commit, sch->q.len can be inflated by packets\nin sch->gso_skb, and an enqueue() on an empty SFQ qdisc can be followed\nby an immediate drop.\nFix sfq_drop() to properly clear q->tail in this situation.\nip netns add lb\nip link add dev to-lb type veth peer name in-lb netns lb\nethtool -K to-lb tso off # force qdisc to requeue gso_skb\nip netns exec lb ethtool -K in-lb gro on # enable NAPI\nip link set dev to-lb up\nip -netns lb link set dev in-lb up\nip addr add dev to-lb 192.168.20.1/24\nip -netns lb addr add dev in-lb 192.168.20.2/24\ntc qdisc replace dev to-lb root sfq limit 100\nip netns exec lb netserver\nnetperf -H 192.168.20.2 -l 100 &\nnetperf -H 192.168.20.2 -l 100 &\nnetperf -H 192.168.20.2 -l 100 &\nnetperf -H 192.168.20.2 -l 100 &", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38115" } ], "release_date": "2025-07-03T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38111", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet/mdiobus: Fix potential out-of-bounds read/write access\nWhen using publicly available tools like 'mdio-tools' to read/write data\nfrom/to network interface and its PHY via mdiobus, there is no verification of\nparameters passed to the ioctl and it accepts any mdio address.\nCurrently there is support for 32 addresses in kernel via PHY_MAX_ADDR define,\nbut it is possible to pass higher value than that via ioctl.\nWhile read/write operation should generally fail in this case,\nmdiobus provides stats array, where wrong address may allow out-of-bounds\nread/write.\nFix that by adding address verification before read/write operation.\nWhile this excludes this access from any statistics, it improves security of\nread/write operation.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38111" } ], "release_date": "2025-07-03T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38108", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet_sched: red: fix a race in __red_change()\nGerrard Tai reported a race condition in RED, whenever SFQ perturb timer\nfires at the wrong time.\nThe race is as follows:\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n|\n| [5]: lock root\n| [6]: rehash\n| [7]: qdisc_tree_reduce_backlog()\n|\n[4]: qdisc_put()\nThis can be abused to underflow a parent's qlen.\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38108" } ], "release_date": "2025-07-03T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38103", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nHID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()\nUpdate struct hid_descriptor to better reflect the mandatory and\noptional parts of the HID Descriptor as per USB HID 1.11 specification.\nNote: the kernel currently does not parse any optional HID class\ndescriptors, only the mandatory report descriptor.\nUpdate all references to member element desc[0] to rpt_desc.\nAdd test to verify bLength and bNumDescriptors values are valid.\nReplace the for loop with direct access to the mandatory HID class\ndescriptor member for the report descriptor. This eliminates the\npossibility of getting an out-of-bounds fault.\nAdd a warning message if the HID descriptor contains any unsupported\noptional HID class descriptors.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38103" } ], "release_date": "2025-07-03T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38090", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ndrivers/rapidio/rio_cm.c: prevent possible heap overwrite\nIn\nriocm_cdev_ioctl(RIO_CM_CHAN_SEND)\n-> cm_chan_msg_send()\n-> riocm_ch_send()\ncm_chan_msg_send() checks that userspace didn't send too much data but\nriocm_ch_send() failed to check that userspace sent sufficient data. The\nresult is that riocm_ch_send() can write to fields in the rio_ch_chan_hdr\nwhich were outside the bounds of the space which cm_chan_msg_send()\nallocated.\nAddress this by teaching riocm_ch_send() to check that the entire\nrio_ch_chan_hdr was copied in from userspace.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38090" } ], "release_date": "2025-06-30T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38083", "cwe": { "id": "CWE-366", "name": "Race Condition within a Thread" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet_sched: prio: fix a race in prio_tune()\nGerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer\nfires at the wrong time.\nThe race is as follows:\nCPU 0 CPU 1\n[1]: lock root\n[2]: qdisc_tree_flush_backlog()\n[3]: unlock root\n|\n| [5]: lock root\n| [6]: rehash\n| [7]: qdisc_tree_reduce_backlog()\n|\n[4]: qdisc_put()\nThis can be abused to underflow a parent's qlen.\nCalling qdisc_purge_queue() instead of qdisc_tree_flush_backlog()\nshould fix the race, because all packets will be purged from the qdisc\nbefore releasing the lock.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38083" } ], "release_date": "2025-06-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38079", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ncrypto: algif_hash - fix double free in hash_accept\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38079" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38078", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nALSA: pcm: Fix race of buffer access at PCM OSS layer\nThe PCM OSS layer tries to clear the buffer with the silence data at\ninitialization (or reconfiguration) of a stream with the explicit call\nof snd_pcm_format_set_silence() with runtime->dma_area. But this may\nlead to a UAF because the accessed runtime->dma_area might be freed\nconcurrently, as it's performed outside the PCM ops.\nFor avoiding it, move the code into the PCM core and perform it inside\nthe buffer access lock, so that it won't be changed during the\noperation.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38078" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38075", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nscsi: target: iscsi: Fix timeout on deleted connection\nNOPIN response timer may expire on a deleted connection and crash with\nsuch logs:\nDid not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d\nBUG: Kernel NULL pointer dereference on read at 0x00000000\nNIP strlcpy+0x8/0xb0\nLR iscsit_fill_cxn_timeout_err_stats+0x5c/0xc0 [iscsi_target_mod]\nCall Trace:\niscsit_handle_nopin_response_timeout+0xfc/0x120 [iscsi_target_mod]\ncall_timer_fn+0x58/0x1f0\nrun_timer_softirq+0x740/0x860\n__do_softirq+0x16c/0x420\nirq_exit+0x188/0x1c0\ntimer_interrupt+0x184/0x410\nThat is because nopin response timer may be re-started on nopin timer\nexpiration.\nStop nopin timer before stopping the nopin response timer to be sure\nthat no one of them will be re-started.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38075" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38072", "cwe": { "id": "CWE-369", "name": "Divide By Zero" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nlibnvdimm/labels: Fix divide error in nd_label_data_init()\nIf a faulty CXL memory device returns a broken zero LSA size in its\nmemory device information (Identify Memory Device (Opcode 4000h), CXL\nspec. 3.1, 8.2.9.9.1.1), a divide error occurs in the libnvdimm\ndriver:\nOops: divide error: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:nd_label_data_init+0x10e/0x800 [libnvdimm]\nCode and flow:\n1) CXL Command 4000h returns LSA size = 0\n2) config_size is assigned to zero LSA size (CXL pmem driver):\ndrivers/cxl/pmem.c: .config_size = mds->lsa_size,\n3) max_xfer is set to zero (nvdimm driver):\ndrivers/nvdimm/label.c: max_xfer = min_t(size_t, ndd->nsarea.max_xfer, config_size);\n4) A subsequent DIV_ROUND_UP() causes a division by zero:\ndrivers/nvdimm/label.c: /* Make our initial read size a multiple of max_xfer size */\ndrivers/nvdimm/label.c: read_size = min(DIV_ROUND_UP(read_size, max_xfer) * max_xfer,\ndrivers/nvdimm/label.c- config_size);\nFix this by checking the config size parameter by extending an\nexisting check.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38072" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38066", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ndm cache: prevent BUG_ON by blocking retries on failed device resumes\nA cache device failing to resume due to mapping errors should not be\nretried, as the failure leaves a partially initialized policy object.\nRepeating the resume operation risks triggering BUG_ON when reloading\ncache mappings into the incomplete policy object.\nReproduce steps:\n1. create a cache metadata consisting of 512 or more cache blocks,\nwith some mappings stored in the first array block of the mapping\narray. Here we use cache_restore v1.0 to build the metadata.\ncat <> cmeta.xml\n\n\n\n\n\nEOF\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ncache_restore -i cmeta.xml -o /dev/mapper/cmeta --metadata-version=2\ndmsetup remove cmeta\n2. wipe the second array block of the mapping array to simulate\ndata degradations.\nmapping_root=$(dd if=/dev/sdc bs=1c count=8 skip=192 \\\n2>/dev/null | hexdump -e '1/8 \"%u\\n\"')\nablock=$(dd if=/dev/sdc bs=1c count=8 skip=$((4096*mapping_root+2056)) \\\n2>/dev/null | hexdump -e '1/8 \"%u\\n\"')\ndd if=/dev/zero of=/dev/sdc bs=4k count=1 seek=$ablock\n3. try bringing up the cache device. The resume is expected to fail\ndue to the broken array block.\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndmsetup create cache --notable\ndmsetup load cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\ndmsetup resume cache\n4. try resuming the cache again. An unexpected BUG_ON is triggered\nwhile loading cache mappings.\ndmsetup resume cache\nKernel logs:\n(snip)\n------------[ cut here ]------------\nkernel BUG at drivers/md/dm-cache-policy-smq.c:752!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 332 Comm: dmsetup Not tainted 6.13.4 #3\nRIP: 0010:smq_load_mapping+0x3e5/0x570\nFix by disallowing resume operations for devices that failed the\ninitial attempt.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38066" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38058", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock\n... or we risk stealing final mntput from sync umount - raising mnt_count\nafter umount(2) has verified that victim is not busy, but before it\nhas set MNT_SYNC_UMOUNT; in that case __legitimize_mnt() doesn't see\nthat it's safe to quietly undo mnt_count increment and leaves dropping\nthe reference to caller, where it'll be a full-blown mntput().\nCheck under mount_lock is needed; leaving the current one done before\ntaking that makes no sense - it's nowhere near common enough to bother\nwith.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38058" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38046", "notes": [ { "category": "description", "text": "[REJECTED CVE] In the Linux kernel, the following vulnerability has been resolved:\nxen: Add support for XenServer 6.1 platform device", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38046" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38044", "cwe": { "id": "CWE-99", "name": "Improper Control of Resource Identifiers ('Resource Injection')" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nmedia: cx231xx: set device_caps for 417\nThe video_device for the MPEG encoder did not set device_caps.\nAdd this, otherwise the video device can't be registered (you get a\nWARN_ON instead).\nNot seen before since currently 417 support is disabled, but I found\nthis while experimenting with it.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38044" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38037", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nvxlan: Annotate FDB data races\nThe 'used' and 'updated' fields in the FDB entry structure can be\naccessed concurrently by multiple threads, leading to reports such as\n[1]. Can be reproduced using [2].\nSuppress these reports by annotating these accesses using\nREAD_ONCE() / WRITE_ONCE().\n[1]\nBUG: KCSAN: data-race in vxlan_xmit / vxlan_xmit\nwrite to 0xffff942604d263a8 of 8 bytes by task 286 on cpu 0:\nvxlan_xmit+0xb29/0x2380\ndev_hard_start_xmit+0x84/0x2f0\n__dev_queue_xmit+0x45a/0x1650\npacket_xmit+0x100/0x150\npacket_sendmsg+0x2114/0x2ac0\n__sys_sendto+0x318/0x330\n__x64_sys_sendto+0x76/0x90\nx64_sys_call+0x14e8/0x1c00\ndo_syscall_64+0x9e/0x1a0\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nread to 0xffff942604d263a8 of 8 bytes by task 287 on cpu 2:\nvxlan_xmit+0xadf/0x2380\ndev_hard_start_xmit+0x84/0x2f0\n__dev_queue_xmit+0x45a/0x1650\npacket_xmit+0x100/0x150\npacket_sendmsg+0x2114/0x2ac0\n__sys_sendto+0x318/0x330\n__x64_sys_sendto+0x76/0x90\nx64_sys_call+0x14e8/0x1c00\ndo_syscall_64+0x9e/0x1a0\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nvalue changed: 0x00000000fffbac6e -> 0x00000000fffbac6f\nReported by Kernel Concurrency Sanitizer on:\nCPU: 2 UID: 0 PID: 287 Comm: mausezahn Not tainted 6.13.0-rc7-01544-gb4b270f11a02 #5\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n[2]\n#!/bin/bash\nset +H\necho whitelist > /sys/kernel/debug/kcsan\necho !vxlan_xmit > /sys/kernel/debug/kcsan\nip link add name vx0 up type vxlan id 10010 dstport 4789 local 192.0.2.1\nbridge fdb add 00:11:22:33:44:55 dev vx0 self static dst 198.51.100.1\ntaskset -c 0 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q &\ntaskset -c 2 mausezahn vx0 -a own -b 00:11:22:33:44:55 -c 0 -q &", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38037" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2025-38034", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nbtrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref\nbtrfs_prelim_ref() calls the old and new reference variables in the\nincorrect order. This causes a NULL pointer dereference because oldref\nis passed as NULL to trace_btrfs_prelim_ref_insert().\nNote, trace_btrfs_prelim_ref_insert() is being called with newref as\noldref (and oldref as NULL) on purpose in order to print out\nthe values of newref.\nTo reproduce:\necho 1 > /sys/kernel/debug/tracing/events/btrfs/btrfs_prelim_ref_insert/enable\nPerform some writeback operations.\nBacktrace:\nBUG: kernel NULL pointer dereference, address: 0000000000000018\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 115949067 P4D 115949067 PUD 11594a067 PMD 0\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 1 UID: 0 PID: 1188 Comm: fsstress Not tainted 6.15.0-rc2-tester+ #47 PREEMPT(voluntary) 7ca2cef72d5e9c600f0c7718adb6462de8149622\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-2-gc13ff2cd-prebuilt.qemu.org 04/01/2014\nRIP: 0010:trace_event_raw_event_btrfs__prelim_ref+0x72/0x130\nCode: e8 43 81 9f ff 48 85 c0 74 78 4d 85 e4 0f 84 8f 00 00 00 49 8b 94 24 c0 06 00 00 48 8b 0a 48 89 48 08 48 8b 52 08 48 89 50 10 <49> 8b 55 18 48 89 50 18 49 8b 55 20 48 89 50 20 41 0f b6 55 28 88\nRSP: 0018:ffffce44820077a0 EFLAGS: 00010286\nRAX: ffff8c6b403f9014 RBX: ffff8c6b55825730 RCX: 304994edf9cf506b\nRDX: d8b11eb7f0fdb699 RSI: ffff8c6b403f9010 RDI: ffff8c6b403f9010\nRBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000010\nR10: 00000000ffffffff R11: 0000000000000000 R12: ffff8c6b4e8fb000\nR13: 0000000000000000 R14: ffffce44820077a8 R15: ffff8c6b4abd1540\nFS: 00007f4dc6813740(0000) GS:ffff8c6c1d378000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000018 CR3: 000000010eb42000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n\nprelim_ref_insert+0x1c1/0x270\nfind_parent_nodes+0x12a6/0x1ee0\n? __entry_text_end+0x101f06/0x101f09\n? srso_alias_return_thunk+0x5/0xfbef5\n? srso_alias_return_thunk+0x5/0xfbef5\n? srso_alias_return_thunk+0x5/0xfbef5\n? srso_alias_return_thunk+0x5/0xfbef5\nbtrfs_is_data_extent_shared+0x167/0x640\n? fiemap_process_hole+0xd0/0x2c0\nextent_fiemap+0xa5c/0xbc0\n? __entry_text_end+0x101f05/0x101f09\nbtrfs_fiemap+0x7e/0xd0\ndo_vfs_ioctl+0x425/0x9d0\n__x64_sys_ioctl+0x75/0xc0", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38034" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-38023", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnfs: handle failure of nfs_get_lock_context in unlock path\nWhen memory is insufficient, the allocation of nfs_lock_context in\nnfs_get_lock_context() fails and returns -ENOMEM. If we mistakenly treat\nan nfs4_unlockdata structure (whose l_ctx member has been set to -ENOMEM)\nas valid and proceed to execute rpc_run_task(), this will trigger a NULL\npointer dereference in nfs4_locku_prepare. For example:\nBUG: kernel NULL pointer dereference, address: 000000000000000c\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] SMP PTI\nCPU: 15 UID: 0 PID: 12 Comm: kworker/u64:0 Not tainted 6.15.0-rc2-dirty #60\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40\nWorkqueue: rpciod rpc_async_schedule\nRIP: 0010:nfs4_locku_prepare+0x35/0xc2\nCode: 89 f2 48 89 fd 48 c7 c7 68 69 ef b5 53 48 8b 8e 90 00 00 00 48 89 f3\nRSP: 0018:ffffbbafc006bdb8 EFLAGS: 00010246\nRAX: 000000000000004b RBX: ffff9b964fc1fa00 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: fffffffffffffff4 RDI: ffff9ba53fddbf40\nRBP: ffff9ba539934000 R08: 0000000000000000 R09: ffffbbafc006bc38\nR10: ffffffffb6b689c8 R11: 0000000000000003 R12: ffff9ba539934030\nR13: 0000000000000001 R14: 0000000004248060 R15: ffffffffb56d1c30\nFS: 0000000000000000(0000) GS:ffff9ba5881f0000(0000) knlGS:00000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000000000000c CR3: 000000093f244000 CR4: 00000000000006f0\nCall Trace:\n\n__rpc_execute+0xbc/0x480\nrpc_async_schedule+0x2f/0x40\nprocess_one_work+0x232/0x5d0\nworker_thread+0x1da/0x3d0\n? __pfx_worker_thread+0x10/0x10\nkthread+0x10d/0x240\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x34/0x50\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n\nModules linked in:\nCR2: 000000000000000c\n---[ end trace 0000000000000000 ]---\nFree the allocated nfs4_unlockdata when nfs_get_lock_context() fails and\nreturn NULL to terminate subsequent rpc_run_task, preventing NULL pointer\ndereference.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38023" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38004", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ncan: bcm: add locking for bcm_op runtime updates\nThe CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via\nhrtimer. The content and also the length of the sequence can be changed\nresp reduced at runtime where the 'currframe' counter is then set to zero.\nAlthough this appeared to be a safe operation the updates of 'currframe'\ncan be triggered from user space and hrtimer context in bcm_can_tx().\nAnderson Nascimento created a proof of concept that triggered a KASAN\nslab-out-of-bounds read access which can be prevented with a spin_lock_bh.\nAt the rework of bcm_can_tx() the 'count' variable has been moved into\nthe protected section as this variable can be modified from both contexts\ntoo.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38004" } ], "release_date": "2025-06-08T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38003", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ncan: bcm: add missing rcu read protection for procfs content\nWhen the procfs content is generated for a bcm_op which is in the process\nto be removed the procfs output might show unreliable data (UAF).\nAs the removal of bcm_op's is already implemented with rcu handling this\npatch adds the missing rcu_read_lock() and makes sure the list entries\nare properly removed under rcu protection.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38003" } ], "release_date": "2025-06-08T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38000", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nsch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()\nWhen enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the\nchild qdisc's peek() operation before incrementing sch->q.qlen and\nsch->qstats.backlog. If the child qdisc uses qdisc_peek_dequeued(), this may\ntrigger an immediate dequeue and potential packet drop. In such cases,\nqdisc_tree_reduce_backlog() is called, but the HFSC qdisc's qlen and backlog\nhave not yet been updated, leading to inconsistent queue accounting. This\ncan leave an empty HFSC class in the active list, causing further\nconsequences like use-after-free.\nThis patch fixes the bug by moving the increment of sch->q.qlen and\nsch->qstats.backlog before the call to the child qdisc's peek() operation.\nThis ensures that queue length and backlog are always accurate when packet\ndrops or dequeues are triggered during the peek.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38000" } ], "release_date": "2025-06-06T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37998", "cwe": { "id": "CWE-241", "name": "Improper Handling of Unexpected Data Type" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nopenvswitch: Fix unsafe attribute parsing in output_userspace()\nThis patch replaces the manual Netlink attribute iteration in\noutput_userspace() with nla_for_each_nested(), which ensures that only\nwell-formed attributes are processed.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37998" } ], "release_date": "2025-05-29T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37997", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: ipset: fix region locking in hash types\nRegion locking introduced in v5.6-rc4 contained three macros to handle\nthe region locks: ahash_bucket_start(), ahash_bucket_end() which gave\nback the start and end hash bucket values belonging to a given region\nlock and ahash_region() which should give back the region lock belonging\nto a given hash bucket. The latter was incorrect which can lead to a\nrace condition between the garbage collector and adding new elements\nwhen a hash type of set is defined with timeouts.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37997" } ], "release_date": "2025-05-29T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37995", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nmodule: ensure that kobject_put() is safe for module type kobjects\nIn 'lookup_or_create_module_kobject()', an internal kobject is created\nusing 'module_ktype'. So call to 'kobject_put()' on error handling\npath causes an attempt to use an uninitialized completion pointer in\n'module_kobject_release()'. In this scenario, we just want to release\nkobject without an extra synchronization required for a regular module\nunloading process, so adding an extra check whether 'complete()' is\nactually required makes 'kobject_put()' safe.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37995" } ], "release_date": "2025-05-29T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37994", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nusb: typec: ucsi: displayport: Fix NULL pointer access\nThis patch ensures that the UCSI driver waits for all pending tasks in the\nucsi_displayport_work workqueue to finish executing before proceeding with\nthe partner removal.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37994" } ], "release_date": "2025-05-29T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37991", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nparisc: Fix double SIGFPE crash\nCamm noticed that on parisc a SIGFPE exception will crash an application with\na second SIGFPE in the signal handler. Dave analyzed it, and it happens\nbecause glibc uses a double-word floating-point store to atomically update\nfunction descriptors. As a result of lazy binding, we hit a floating-point\nstore in fpe_func almost immediately.\nWhen the T bit is set, an assist exception trap occurs when when the\nco-processor encounters *any* floating-point instruction except for a double\nstore of register %fr0. The latter cancels all pending traps. Let's fix this\nby clearing the Trap (T) bit in the FP status register before returning to the\nsignal handler in userspace.\nThe issue can be reproduced with this test program:\nroot@parisc:~# cat fpe.c\nstatic void fpe_func(int sig, siginfo_t *i, void *v) {\nsigset_t set;\nsigemptyset(&set);\nsigaddset(&set, SIGFPE);\nsigprocmask(SIG_UNBLOCK, &set, NULL);\nprintf(\"GOT signal %d with si_code %ld\\n\", sig, i->si_code);\n}\nint main() {\nstruct sigaction action = {\n.sa_sigaction = fpe_func,\n.sa_flags = SA_RESTART|SA_SIGINFO };\nsigaction(SIGFPE, &action, 0);\nfeenableexcept(FE_OVERFLOW);\nreturn printf(\"%lf\\n\",1.7976931348623158E308*1.7976931348623158E308);\n}\nroot@parisc:~# gcc fpe.c -lm\nroot@parisc:~# ./a.out\nFloating point exception\nroot@parisc:~# strace -f ./a.out\nexecve(\"./a.out\", [\"./a.out\"], 0xf9ac7034 /* 20 vars */) = 0\ngetrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0\n...\nrt_sigaction(SIGFPE, {sa_handler=0x1110a, sa_mask=[], sa_flags=SA_RESTART|SA_SIGINFO}, NULL, 8) = 0\n--- SIGFPE {si_signo=SIGFPE, si_code=FPE_FLTOVF, si_addr=0x1078f} ---\n--- SIGFPE {si_signo=SIGFPE, si_code=FPE_FLTOVF, si_addr=0xf8f21237} ---\n+++ killed by SIGFPE +++\nFloating point exception", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37991" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37990", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nwifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()\nThe function brcmf_usb_dl_writeimage() calls the function\nbrcmf_usb_dl_cmd() but dose not check its return value. The\n'state.state' and the 'state.bytes' are uninitialized if the\nfunction brcmf_usb_dl_cmd() fails. It is dangerous to use\nuninitialized variables in the conditions.\nAdd error handling for brcmf_usb_dl_cmd() to jump to error\nhandling path if the brcmf_usb_dl_cmd() fails and the\n'state.state' and the 'state.bytes' are uninitialized.\nImprove the error message to report more detailed error\ninformation.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37990" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37989", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: phy: leds: fix memory leak\nA network restart test on a router led to an out-of-memory condition,\nwhich was traced to a memory leak in the PHY LED trigger code.\nThe root cause is misuse of the devm API. The registration function\n(phy_led_triggers_register) is called from phy_attach_direct, not\nphy_probe, and the unregister function (phy_led_triggers_unregister)\nis called from phy_detach, not phy_remove. This means the register and\nunregister functions can be called multiple times for the same PHY\ndevice, but devm-allocated memory is not freed until the driver is\nunbound.\nThis also prevents kmemleak from detecting the leak, as the devm API\ninternally stores the allocated pointer.\nFix this by replacing devm_kzalloc/devm_kcalloc with standard\nkzalloc/kcalloc, and add the corresponding kfree calls in the unregister\npath.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37989" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37970", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\niio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo\nPrevent st_lsm6dsx_read_fifo from falling in an infinite loop in case\npattern_len is equal to zero and the device FIFO is not empty.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37970" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37969", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\niio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo\nPrevent st_lsm6dsx_read_tagged_fifo from falling in an infinite loop in\ncase pattern_len is equal to zero and the device FIFO is not empty.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37969" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37958", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nmm/huge_memory: fix dereferencing invalid pmd migration entry\nWhen migrating a THP, concurrent access to the PMD migration entry during\na deferred split scan can lead to an invalid address access, as\nillustrated below. To prevent this invalid access, it is necessary to\ncheck the PMD migration entry and return early. In this context, there is\nno need to use pmd_to_swp_entry and pfn_swap_entry_to_page to verify the\nequality of the target folio. Since the PMD migration entry is locked, it\ncannot be served as the target.\nMailing list discussion and explanation from Hugh Dickins: \"An anon_vma\nlookup points to a location which may contain the folio of interest, but\nmight instead contain another folio: and weeding out those other folios is\nprecisely what the \"folio != pmd_folio((*pmd)\" check (and the \"risk of\nreplacing the wrong folio\" comment a few lines above it) is for.\"\nBUG: unable to handle page fault for address: ffffea60001db008\nCPU: 0 UID: 0 PID: 2199114 Comm: tee Not tainted 6.14.0+ #4 NONE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:split_huge_pmd_locked+0x3b5/0x2b60\nCall Trace:\n\ntry_to_migrate_one+0x28c/0x3730\nrmap_walk_anon+0x4f6/0x770\nunmap_folio+0x196/0x1f0\nsplit_huge_page_to_list_to_order+0x9f6/0x1560\ndeferred_split_scan+0xac5/0x12a0\nshrinker_debugfs_scan_write+0x376/0x470\nfull_proxy_write+0x15c/0x220\nvfs_write+0x2fc/0xcb0\nksys_write+0x146/0x250\ndo_syscall_64+0x6a/0x120\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nThe bug is found by syzkaller on an internal kernel, then confirmed on\nupstream.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37958" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37953", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nsch_htb: make htb_deactivate() idempotent\nAlan reported a NULL pointer dereference in htb_next_rb_node()\nafter we made htb_qlen_notify() idempotent.\nIt turns out in the following case it introduced some regression:\nhtb_dequeue_tree():\n|-> fq_codel_dequeue()\n|-> qdisc_tree_reduce_backlog()\n|-> htb_qlen_notify()\n|-> htb_deactivate()\n|-> htb_next_rb_node()\n|-> htb_deactivate()\nFor htb_next_rb_node(), after calling the 1st htb_deactivate(), the\nclprio[prio]->ptr could be already set to NULL, which means\nhtb_next_rb_node() is vulnerable here.\nFor htb_deactivate(), although we checked qlen before calling it, in\ncase of qlen==0 after qdisc_tree_reduce_backlog(), we may call it again\nwhich triggers the warning inside.\nTo fix the issues here, we need to:\n1) Make htb_deactivate() idempotent, that is, simply return if we\nalready call it before.\n2) Make htb_next_rb_node() safe against ptr==NULL.\nMany thanks to Alan for testing and for the reproducer.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37953" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37940", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nftrace: Add cond_resched() to ftrace_graph_set_hash()\nWhen the kernel contains a large number of functions that can be traced,\nthe loop in ftrace_graph_set_hash() may take a lot of time to execute.\nThis may trigger the softlockup watchdog.\nAdd cond_resched() within the loop to allow the kernel to remain\nresponsive even when processing a large number of functions.\nThis matches the cond_resched() that is used in other locations of the\ncode that iterates over all functions that can be traced.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37940" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37927", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\niommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid\nThere is a string parsing logic error which can lead to an overflow of hid\nor uid buffers. Comparing ACPIID_LEN against a total string length doesn't\ntake into account the lengths of individual hid and uid buffers so the\ncheck is insufficient in some cases. For example if the length of hid\nstring is 4 and the length of the uid string is 260, the length of str\nwill be equal to ACPIID_LEN + 1 but uid string will overflow uid buffer\nwhich size is 256.\nThe same applies to the hid string with length 13 and uid string with\nlength 250.\nCheck the length of hid and uid strings separately to prevent\nbuffer overflow.\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37927" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37923", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ntracing: Fix oob write in trace_seq_to_buffer()\nsyzbot reported this bug:\n==================================================================\nBUG: KASAN: slab-out-of-bounds in trace_seq_to_buffer kernel/trace/trace.c:1830 [inline]\nBUG: KASAN: slab-out-of-bounds in tracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822\nWrite of size 4507 at addr ffff888032b6b000 by task syz.2.320/7260\nCPU: 1 UID: 0 PID: 7260 Comm: syz.2.320 Not tainted 6.15.0-rc1-syzkaller-00301-g3bde70a2c827 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall Trace:\n\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:408 [inline]\nprint_report+0xc3/0x670 mm/kasan/report.c:521\nkasan_report+0xe0/0x110 mm/kasan/report.c:634\ncheck_region_inline mm/kasan/generic.c:183 [inline]\nkasan_check_range+0xef/0x1a0 mm/kasan/generic.c:189\n__asan_memcpy+0x3c/0x60 mm/kasan/shadow.c:106\ntrace_seq_to_buffer kernel/trace/trace.c:1830 [inline]\ntracing_splice_read_pipe+0x6be/0xdd0 kernel/trace/trace.c:6822\n....\n==================================================================\nIt has been reported that trace_seq_to_buffer() tries to copy more data\nthan PAGE_SIZE to buf. Therefore, to prevent this, we should use the\nsmaller of trace_seq_used(&iter->seq) and PAGE_SIZE as an argument.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37923" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37915", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet_sched: drr: Fix double list add in class with netem as child qdisc\nAs described in Gerrard's report [1], there are use cases where a netem\nchild qdisc will make the parent qdisc's enqueue callback reentrant.\nIn the case of drr, there won't be a UAF, but the code will add the same\nclassifier to the list twice, which will cause memory corruption.\nIn addition to checking for qlen being zero, this patch checks whether the\nclass was already added to the active_list (cl_is_active) before adding\nto the list to cover for the reentrant case.\n[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37915" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37913", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet_sched: qfq: Fix double list add in class with netem as child qdisc\nAs described in Gerrard's report [1], there are use cases where a netem\nchild qdisc will make the parent qdisc's enqueue callback reentrant.\nIn the case of qfq, there won't be a UAF, but the code will add the same\nclassifier to the list twice, which will cause memory corruption.\nThis patch checks whether the class was already added to the agg->active\nlist (cl_is_active) before doing the addition to cater for the reentrant\ncase.\n[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37913" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37909", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: lan743x: Fix memleak issue when GSO enabled\nAlways map the `skb` to the LS descriptor. Previously skb was\nmapped to EXT descriptor when the number of fragments is zero with\nGSO enabled. Mapping the skb to EXT descriptor prevents it from\nbeing freed, leading to a memory leak", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37909" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2025-37892", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nmtd: inftlcore: Add error check for inftl_read_oob()\nIn INFTL_findwriteunit(), the return value of inftl_read_oob()\nneed to be checked. A proper implementation can be\nfound in INFTL_deleteblock(). The status will be set as\nSECTOR_IGNORE to break from the while-loop correctly\nif the inftl_read_oob() fails.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37892" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37890", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc\nAs described in Gerrard's report [1], we have a UAF case when an hfsc class\nhas a netem child qdisc. The crux of the issue is that hfsc is assuming\nthat checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted\nthe class in the vttree or eltree (which is not true for the netem\nduplicate case).\nThis patch checks the n_active class variable to make sure that the code\nwon't insert the class in the vttree or eltree twice, catering for the\nreentrant case.\n[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37890" } ], "release_date": "2025-05-16T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37881", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nusb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()\nThe variable d->name, returned by devm_kasprintf(), could be NULL.\nA pointer check is added to prevent potential NULL pointer dereference.\nThis is similar to the fix in commit 3027e7b15b02\n(\"ice: Fix some null pointer dereference issues in ice_ptp.c\").\nThis issue is found by our static analysis tool", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37881" } ], "release_date": "2025-05-09T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37862", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nHID: pidff: Fix null pointer dereference in pidff_find_fields\nThis function triggered a null pointer dereference if used to search for\na report that isn't implemented on the device. This happened both for\noptional and required reports alike.\nThe same logic was applied to pidff_find_special_field and although\npidff_init_fields should return an error earlier if one of the required\nreports is missing, future modifications could change this logic and\nresurface this possible null pointer dereference again.\nLKML bug report:\nhttps://lore.kernel.org/all/CAL-gK7f5=R0nrrQdPtaZZr1fd-cdAMbDMuZ_NLA8vM0SX+nGSw@mail.gmail.com", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37862" } ], "release_date": "2025-05-09T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37859", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\npage_pool: avoid infinite loop to schedule delayed worker\nWe noticed the kworker in page_pool_release_retry() was waken\nup repeatedly and infinitely in production because of the\nbuggy driver causing the inflight less than 0 and warning\nus in page_pool_inflight()[1].\nSince the inflight value goes negative, it means we should\nnot expect the whole page_pool to get back to work normally.\nThis patch mitigates the adverse effect by not rescheduling\nthe kworker when detecting the inflight negative in\npage_pool_release_retry().\n[1]\n[Mon Feb 10 20:36:11 2025] ------------[ cut here ]------------\n[Mon Feb 10 20:36:11 2025] Negative(-51446) inflight packet-pages\n...\n[Mon Feb 10 20:36:11 2025] Call Trace:\n[Mon Feb 10 20:36:11 2025] page_pool_release_retry+0x23/0x70\n[Mon Feb 10 20:36:11 2025] process_one_work+0x1b1/0x370\n[Mon Feb 10 20:36:11 2025] worker_thread+0x37/0x3a0\n[Mon Feb 10 20:36:11 2025] kthread+0x11a/0x140\n[Mon Feb 10 20:36:11 2025] ? process_one_work+0x370/0x370\n[Mon Feb 10 20:36:11 2025] ? __kthread_cancel_work+0x40/0x40\n[Mon Feb 10 20:36:11 2025] ret_from_fork+0x35/0x40\n[Mon Feb 10 20:36:11 2025] ---[ end trace ebffe800f33e7e34 ]---\nNote: before this patch, the above calltrace would flood the\ndmesg due to repeated reschedule of release_dw kworker.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37859" } ], "release_date": "2025-05-09T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37858", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nfs/jfs: Prevent integer overflow in AG size calculation\nThe JFS filesystem calculates allocation group (AG) size using 1 <<\nl2agsize in dbExtendFS(). When l2agsize exceeds 31 (possible with >2TB\naggregates on 32-bit systems), this 32-bit shift operation causes undefined\nbehavior and improper AG sizing.\nOn 32-bit architectures:\n- Left-shifting 1 by 32+ bits results in 0 due to integer overflow\n- This creates invalid AG sizes (0 or garbage values) in\nsbi->bmap->db_agsize\n- Subsequent block allocations would reference invalid AG structures\n- Could lead to:\n- Filesystem corruption during extend operations\n- Kernel crashes due to invalid memory accesses\n- Security vulnerabilities via malformed on-disk structures\nFix by casting to s64 before shifting:\nbmp->db_agsize = (s64)1 << l2agsize;\nThis ensures 64-bit arithmetic even on 32-bit architectures. The cast\nmatches the data type of db_agsize (s64) and follows similar patterns in\nJFS block calculation code.\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37858" } ], "release_date": "2025-05-09T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37857", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nscsi: st: Fix array overflow in st_setup()\nChange the array size to follow parms size instead of a fixed value.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37857" } ], "release_date": "2025-05-09T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37851", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nfbdev: omapfb: Add 'plane' value check\nFunction dispc_ovl_setup is not intended to work with the value OMAP_DSS_WB\nof the enum parameter plane.\nThe value of this parameter is initialized in dss_init_overlays and in the\ncurrent state of the code it cannot take this value so it's not a real\nproblem.\nFor the purposes of defensive coding it wouldn't be superfluous to check\nthe parameter value, because some functions down the call stack process\nthis value correctly and some not.\nFor example, in dispc_ovl_setup_global_alpha it may lead to buffer\noverflow.\nAdd check for this value.\nFound by Linux Verification Center (linuxtesting.org) with SVACE static\nanalysis tool.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37851" } ], "release_date": "2025-05-09T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37850", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\npwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()\nWith CONFIG_COMPILE_TEST && !CONFIG_HAVE_CLK, pwm_mediatek_config() has a\ndivide-by-zero in the following line:\ndo_div(resolution, clk_get_rate(pc->clk_pwms[pwm->hwpwm]));\ndue to the fact that the !CONFIG_HAVE_CLK version of clk_get_rate()\nreturns zero.\nThis is presumably just a theoretical problem: COMPILE_TEST overrides\nthe dependency on RALINK which would select COMMON_CLK. Regardless it's\na good idea to check for the error explicitly to avoid divide-by-zero.\nFixes the following warning:\ndrivers/pwm/pwm-mediatek.o: warning: objtool: .text: unexpected end of section\n[ukleinek: s/CONFIG_CLK/CONFIG_HAVE_CLK/]", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37850" } ], "release_date": "2025-05-09T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37841", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\npm: cpupower: bench: Prevent NULL dereference on malloc failure\nIf malloc returns NULL due to low memory, 'config' pointer can be NULL.\nAdd a check to prevent NULL dereference.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37841" } ], "release_date": "2025-05-09T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37840", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nmtd: rawnand: brcmnand: fix PM resume warning\nFixed warning on PM resume as shown below caused due to uninitialized\nstruct nand_operation that checks chip select field :\nWARN_ON(op->cs >= nanddev_ntargets(&chip->base)\n[ 14.588522] ------------[ cut here ]------------\n[ 14.588529] WARNING: CPU: 0 PID: 1392 at drivers/mtd/nand/raw/internals.h:139 nand_reset_op+0x1e0/0x1f8\n[ 14.588553] Modules linked in: bdc udc_core\n[ 14.588579] CPU: 0 UID: 0 PID: 1392 Comm: rtcwake Tainted: G W 6.14.0-rc4-g5394eea10651 #16\n[ 14.588590] Tainted: [W]=WARN\n[ 14.588593] Hardware name: Broadcom STB (Flattened Device Tree)\n[ 14.588598] Call trace:\n[ 14.588604] dump_backtrace from show_stack+0x18/0x1c\n[ 14.588622] r7:00000009 r6:0000008b r5:60000153 r4:c0fa558c\n[ 14.588625] show_stack from dump_stack_lvl+0x70/0x7c\n[ 14.588639] dump_stack_lvl from dump_stack+0x18/0x1c\n[ 14.588653] r5:c08d40b0 r4:c1003cb0\n[ 14.588656] dump_stack from __warn+0x84/0xe4\n[ 14.588668] __warn from warn_slowpath_fmt+0x18c/0x194\n[ 14.588678] r7:c08d40b0 r6:c1003cb0 r5:00000000 r4:00000000\n[ 14.588681] warn_slowpath_fmt from nand_reset_op+0x1e0/0x1f8\n[ 14.588695] r8:70c40dff r7:89705f41 r6:36b4a597 r5:c26c9444 r4:c26b0048\n[ 14.588697] nand_reset_op from brcmnand_resume+0x13c/0x150\n[ 14.588714] r9:00000000 r8:00000000 r7:c24f8010 r6:c228a3f8 r5:c26c94bc r4:c26b0040\n[ 14.588717] brcmnand_resume from platform_pm_resume+0x34/0x54\n[ 14.588735] r5:00000010 r4:c0840a50\n[ 14.588738] platform_pm_resume from dpm_run_callback+0x5c/0x14c\n[ 14.588757] dpm_run_callback from device_resume+0xc0/0x324\n[ 14.588776] r9:c24f8054 r8:c24f80a0 r7:00000000 r6:00000000 r5:00000010 r4:c24f8010\n[ 14.588779] device_resume from dpm_resume+0x130/0x160\n[ 14.588799] r9:c22539e4 r8:00000010 r7:c22bebb0 r6:c24f8010 r5:c22539dc r4:c22539b0\n[ 14.588802] dpm_resume from dpm_resume_end+0x14/0x20\n[ 14.588822] r10:c2204e40 r9:00000000 r8:c228a3fc r7:00000000 r6:00000003 r5:c228a414\n[ 14.588826] r4:00000010\n[ 14.588828] dpm_resume_end from suspend_devices_and_enter+0x274/0x6f8\n[ 14.588848] r5:c228a414 r4:00000000\n[ 14.588851] suspend_devices_and_enter from pm_suspend+0x228/0x2bc\n[ 14.588868] r10:c3502910 r9:c3501f40 r8:00000004 r7:c228a438 r6:c0f95e18 r5:00000000\n[ 14.588871] r4:00000003\n[ 14.588874] pm_suspend from state_store+0x74/0xd0\n[ 14.588889] r7:c228a438 r6:c0f934c8 r5:00000003 r4:00000003\n[ 14.588892] state_store from kobj_attr_store+0x1c/0x28\n[ 14.588913] r9:00000000 r8:00000000 r7:f09f9f08 r6:00000004 r5:c3502900 r4:c0283250\n[ 14.588916] kobj_attr_store from sysfs_kf_write+0x40/0x4c\n[ 14.588936] r5:c3502900 r4:c0d92a48\n[ 14.588939] sysfs_kf_write from kernfs_fop_write_iter+0x104/0x1f0\n[ 14.588956] r5:c3502900 r4:c3501f40\n[ 14.588960] kernfs_fop_write_iter from vfs_write+0x250/0x420\n[ 14.588980] r10:c0e14b48 r9:00000000 r8:c25f5780 r7:00443398 r6:f09f9f68 r5:c34f7f00\n[ 14.588983] r4:c042a88c\n[ 14.588987] vfs_write from ksys_write+0x74/0xe4\n[ 14.589005] r10:00000004 r9:c25f5780 r8:c02002fA0 r7:00000000 r6:00000000 r5:c34f7f00\n[ 14.589008] r4:c34f7f00\n[ 14.589011] ksys_write from sys_write+0x10/0x14\n[ 14.589029] r7:00000004 r6:004421c0 r5:00443398 r4:00000004\n[ 14.589032] sys_write from ret_fast_syscall+0x0/0x5c\n[ 14.589044] Exception stack(0xf09f9fa8 to 0xf09f9ff0)\n[ 14.589050] 9fa0: 00000004 00443398 00000004 00443398 00000004 00000001\n[ 14.589056] 9fc0: 00000004 00443398 004421c0 00000004 b6ecbd58 00000008 bebfbc38 0043eb78\n[ 14.589062] 9fe0: 00440eb0 bebfbaf8 b6de18a0 b6e579e8\n[ 14.589065] ---[ end trace 0000000000000000 ]---\nThe fix uses the higher level nand_reset(chip, chipnr); where chipnr = 0, when\ndoing PM resume operation in compliance with the controller support for single\ndie nand chip. Switching from nand_reset_op() to nan\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37840" } ], "release_date": "2025-05-09T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37839", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\njbd2: remove wrong sb->s_sequence check\nJournal emptiness is not determined by sb->s_sequence == 0 but rather by\nsb->s_start == 0 (which is set a few lines above). Furthermore 0 is a\nvalid transaction ID so the check can spuriously trigger. Remove the\ninvalid WARN_ON.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37839" } ], "release_date": "2025-05-09T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37838", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nHSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition\nIn the ssi_protocol_probe() function, &ssi->work is bound with\nssip_xmit_work(), In ssip_pn_setup(), the ssip_pn_xmit() function\nwithin the ssip_pn_ops structure is capable of starting the\nwork.\nIf we remove the module which will call ssi_protocol_remove()\nto make a cleanup, it will free ssi through kfree(ssi),\nwhile the work mentioned above will be used. The sequence\nof operations that may lead to a UAF bug is as follows:\nCPU0 CPU1\n| ssip_xmit_work\nssi_protocol_remove |\nkfree(ssi); |\n| struct hsi_client *cl = ssi->cl;\n| // use ssi\nFix it by ensuring that the work is canceled before proceeding\nwith the cleanup in ssi_protocol_remove().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37838" } ], "release_date": "2025-04-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37829", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ncpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate()\ncpufreq_cpu_get_raw() can return NULL when the target CPU is not present\nin the policy->cpus mask. scpi_cpufreq_get_rate() does not check for\nthis case, which results in a NULL pointer dereference.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37829" } ], "release_date": "2025-05-08T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37824", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ntipc: fix NULL pointer dereference in tipc_mon_reinit_self()\nsyzbot reported:\ntipc: Node number set to 1055423674\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 3 UID: 0 PID: 6017 Comm: kworker/3:5 Not tainted 6.15.0-rc1-syzkaller-00246-g900241a5cc15 #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nWorkqueue: events tipc_net_finalize_work\nRIP: 0010:tipc_mon_reinit_self+0x11c/0x210 net/tipc/monitor.c:719\n...\nRSP: 0018:ffffc9000356fb68 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000003ee87cba\nRDX: 0000000000000000 RSI: ffffffff8dbc56a7 RDI: ffff88804c2cc010\nRBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000007\nR13: fffffbfff2111097 R14: ffff88804ead8000 R15: ffff88804ead9010\nFS: 0000000000000000(0000) GS:ffff888097ab9000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000f720eb00 CR3: 000000000e182000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\ntipc_net_finalize+0x10b/0x180 net/tipc/net.c:140\nprocess_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238\nprocess_scheduled_works kernel/workqueue.c:3319 [inline]\nworker_thread+0x6c8/0xf10 kernel/workqueue.c:3400\nkthread+0x3c2/0x780 kernel/kthread.c:464\nret_from_fork+0x45/0x80 arch/x86/kernel/process.c:153\nret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n\n...\nRIP: 0010:tipc_mon_reinit_self+0x11c/0x210 net/tipc/monitor.c:719\n...\nRSP: 0018:ffffc9000356fb68 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000003ee87cba\nRDX: 0000000000000000 RSI: ffffffff8dbc56a7 RDI: ffff88804c2cc010\nRBP: dffffc0000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000007\nR13: fffffbfff2111097 R14: ffff88804ead8000 R15: ffff88804ead9010\nFS: 0000000000000000(0000) GS:ffff888097ab9000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000f720eb00 CR3: 000000000e182000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nThere is a racing condition between workqueue created when enabling\nbearer and another thread created when disabling bearer right after\nthat as follow:\nenabling_bearer | disabling_bearer\n--------------- | ----------------\ntipc_disc_timeout() |\n{ | bearer_disable()\n... | {\nschedule_work(&tn->work); | tipc_mon_delete()\n... | {\n} | ...\n| write_lock_bh(&mon->lock);\n| mon->self = NULL;\n| write_unlock_bh(&mon->lock);\n| ...\n| }\ntipc_net_finalize_work() | }\n{ |\n... |\ntipc_net_finalize() |\n{ |\n... |\ntipc_mon_reinit_self() |\n{ |\n... |\nwrite_lock_bh(&mon->lock); |\nmon->self->addr = tipc_own_addr(net); |\nwrite_unlock_bh(&mon->lock); |\n... \n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37824" } ], "release_date": "2025-05-08T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37819", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nirqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()\nWith ACPI in place, gicv2m_get_fwnode() is registered with the pci\nsubsystem as pci_msi_get_fwnode_cb(), which may get invoked at runtime\nduring a PCI host bridge probe. But, the call back is wrongly marked as\n__init, causing it to be freed, while being registered with the PCI\nsubsystem and could trigger:\nUnable to handle kernel paging request at virtual address ffff8000816c0400\ngicv2m_get_fwnode+0x0/0x58 (P)\npci_set_bus_msi_domain+0x74/0x88\npci_register_host_bridge+0x194/0x548\nThis is easily reproducible on a Juno board with ACPI boot.\nRetain the function for later use.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37819" } ], "release_date": "2025-05-08T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37817", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nmcb: fix a double free bug in chameleon_parse_gdd()\nIn chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev'\nwould be released in mcb_device_register() via put_device().\nThus, goto 'err' label and free 'mdev' again causes a double free.\nJust return if mcb_device_register() fails.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37817" } ], "release_date": "2025-05-08T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37812", "cwe": { "id": "CWE-833", "name": "Deadlock" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nusb: cdns3: Fix deadlock when using NCM gadget\nThe cdns3 driver has the same NCM deadlock as fixed in cdnsp by commit\n58f2fcb3a845 (\"usb: cdnsp: Fix deadlock issue during using NCM gadget\").\nUnder PREEMPT_RT the deadlock can be readily triggered by heavy network\ntraffic, for example using \"iperf --bidir\" over NCM ethernet link.\nThe deadlock occurs because the threaded interrupt handler gets\npreempted by a softirq, but both are protected by the same spinlock.\nPrevent deadlock by disabling softirq during threaded irq handler.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37812" } ], "release_date": "2025-05-08T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37810", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nusb: dwc3: gadget: check that event count does not exceed event buffer length\nThe event count is read from register DWC3_GEVNTCOUNT.\nThere is a check for the count being zero, but not for exceeding the\nevent buffer length.\nCheck that event count does not exceed event buffer length,\navoiding an out-of-bounds access when memcpy'ing the event.\nCrash log:\nUnable to handle kernel paging request at virtual address ffffffc0129be000\npc : __memcpy+0x114/0x180\nlr : dwc3_check_event_buf+0xec/0x348\nx3 : 0000000000000030 x2 : 000000000000dfc4\nx1 : ffffffc0129be000 x0 : ffffff87aad60080\nCall trace:\n__memcpy+0x114/0x180\ndwc3_interrupt+0x24/0x34", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37810" } ], "release_date": "2025-05-08T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37808", "cwe": { "id": "CWE-667", "name": "Improper Locking" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ncrypto: null - Use spin lock instead of mutex\nAs the null algorithm may be freed in softirq context through\naf_alg, use spin locks instead of mutexes to protect the default\nnull algorithm.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37808" } ], "release_date": "2025-05-08T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37797", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\ncodel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\nthe class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\nare in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn't emptied.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37797" } ], "release_date": "2025-05-02T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37796", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nwifi: at76c50x: fix use after free access in at76_disconnect\nThe memory pointed to by priv is freed at the end of at76_delete_device\nfunction (using ieee80211_free_hw). But the code then accesses the udev\nfield of the freed object to put the USB device. This may also lead to a\nmemory leak of the usb device. Fix this by using udev from interface.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37796" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37795", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "[REJECTED CVE] In the Linux kernel, the following vulnerability has been resolved:\nwifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37795" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37792", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: btrtl: Prevent potential NULL dereference\nThe btrtl_initialize() function checks that rtl_load_file() either\nhad an error or it loaded a zero length file. However, if it loaded\na zero length file then the error code is not set correctly. It\nresults in an error pointer vs NULL bug, followed by a NULL pointer\ndereference. This was detected by Smatch:\ndrivers/bluetooth/btrtl.c:592 btrtl_initialize() warn: passing zero to 'ERR_PTR'", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37792" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37789", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: openvswitch: fix nested key length validation in the set() action\nIt's not safe to access nla_len(ovs_key) if the data is smaller than\nthe netlink header. Check that the attribute is OK first.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37789" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37782", "notes": [ { "category": "description", "text": "[REJECTED CVE] In the Linux kernel, the following vulnerability has been resolved:\nhfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37782" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37780", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nisofs: Prevent the use of too small fid\nsyzbot reported a slab-out-of-bounds Read in isofs_fh_to_parent. [1]\nThe handle_bytes value passed in by the reproducing program is equal to 12.\nIn handle_to_path(), only 12 bytes of memory are allocated for the structure\nfile_handle->f_handle member, which causes an out-of-bounds access when\naccessing the member parent_block of the structure isofs_fid in isofs,\nbecause accessing parent_block requires at least 16 bytes of f_handle.\nHere, fh_len is used to indirectly confirm that the value of handle_bytes\nis greater than 3 before accessing parent_block.\n[1]\nBUG: KASAN: slab-out-of-bounds in isofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183\nRead of size 4 at addr ffff0000cc030d94 by task syz-executor215/6466\nCPU: 1 UID: 0 PID: 6466 Comm: syz-executor215 Not tainted 6.14.0-rc7-syzkaller-ga2392f333575 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall trace:\nshow_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:466 (C)\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0xe4/0x150 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:408 [inline]\nprint_report+0x198/0x550 mm/kasan/report.c:521\nkasan_report+0xd8/0x138 mm/kasan/report.c:634\n__asan_report_load4_noabort+0x20/0x2c mm/kasan/report_generic.c:380\nisofs_fh_to_parent+0x1b8/0x210 fs/isofs/export.c:183\nexportfs_decode_fh_raw+0x2dc/0x608 fs/exportfs/expfs.c:523\ndo_handle_to_path+0xa0/0x198 fs/fhandle.c:257\nhandle_to_path fs/fhandle.c:385 [inline]\ndo_handle_open+0x8cc/0xb8c fs/fhandle.c:403\n__do_sys_open_by_handle_at fs/fhandle.c:443 [inline]\n__se_sys_open_by_handle_at fs/fhandle.c:434 [inline]\n__arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434\n__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\ninvoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\nel0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\ndo_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\nel0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744\nel0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762\nel0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600\nAllocated by task 6466:\nkasan_save_stack mm/kasan/common.c:47 [inline]\nkasan_save_track+0x40/0x78 mm/kasan/common.c:68\nkasan_save_alloc_info+0x40/0x50 mm/kasan/generic.c:562\npoison_kmalloc_redzone mm/kasan/common.c:377 [inline]\n__kasan_kmalloc+0xac/0xc4 mm/kasan/common.c:394\nkasan_kmalloc include/linux/kasan.h:260 [inline]\n__do_kmalloc_node mm/slub.c:4294 [inline]\n__kmalloc_noprof+0x32c/0x54c mm/slub.c:4306\nkmalloc_noprof include/linux/slab.h:905 [inline]\nhandle_to_path fs/fhandle.c:357 [inline]\ndo_handle_open+0x5a4/0xb8c fs/fhandle.c:403\n__do_sys_open_by_handle_at fs/fhandle.c:443 [inline]\n__se_sys_open_by_handle_at fs/fhandle.c:434 [inline]\n__arm64_sys_open_by_handle_at+0x80/0x94 fs/fhandle.c:434\n__invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]\ninvoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49\nel0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132\ndo_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151\nel0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744\nel0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762\nel0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37780" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37758", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()\ndevm_ioremap() returns NULL on error. Currently, pxa_ata_probe() does\nnot check for this case, which can result in a NULL pointer dereference.\nAdd NULL check after devm_ioremap() to prevent this issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37758" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37757", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ntipc: fix memory leak in tipc_link_xmit\nIn case the backlog transmit queue for system-importance messages is overloaded,\ntipc_link_xmit() returns -ENOBUFS but the skb list is not purged. This leads to\nmemory leak and failure when a skb is allocated.\nThis commit fixes this issue by purging the skb list before tipc_link_xmit()\nreturns.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37757" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37749", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: ppp: Add bound checking for skb data on ppp_sync_txmung\nEnsure we have enough data in linear buffer from skb before accessing\ninitial bytes. This prevents potential out-of-bounds accesses\nwhen processing short packets.\nWhen ppp_sync_txmung receives an incoming package with an empty\npayload:\n(remote) gef➤ p *(struct pppoe_hdr *) (skb->head + skb->network_header)\n$18 = {\ntype = 0x1,\nver = 0x1,\ncode = 0x0,\nsid = 0x2,\nlength = 0x0,\ntag = 0xffff8880371cdb96\n}\nfrom the skb struct (trimmed)\ntail = 0x16,\nend = 0x140,\nhead = 0xffff88803346f400 \"4\",\ndata = 0xffff88803346f416 \":\\377\",\ntruesize = 0x380,\nlen = 0x0,\ndata_len = 0x0,\nmac_len = 0xe,\nhdr_len = 0x0,\nit is not safe to access data[2].\n[pabeni@redhat.com: fixed subj typo]", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37749" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37741", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\njfs: Prevent copying of nlink with value 0 from disk inode\nsyzbot report a deadlock in diFree. [1]\nWhen calling \"ioctl$LOOP_SET_STATUS64\", the offset value passed in is 4,\nwhich does not match the mounted loop device, causing the mapping of the\nmounted loop device to be invalidated.\nWhen creating the directory and creating the inode of iag in diReadSpecial(),\nread the page of fixed disk inode (AIT) in raw mode in read_metapage(), the\nmetapage data it returns is corrupted, which causes the nlink value of 0 to be\nassigned to the iag inode when executing copy_from_dinode(), which ultimately\ncauses a deadlock when entering diFree().\nTo avoid this, first check the nlink value of dinode before setting iag inode.\n[1]\nWARNING: possible recursive locking detected\n6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0 Not tainted\n--------------------------------------------\nsyz-executor301/5309 is trying to acquire lock:\nffff888044548920 (&(imap->im_aglock[index])){+.+.}-{3:3}, at: diFree+0x37c/0x2fb0 fs/jfs/jfs_imap.c:889\nbut task is already holding lock:\nffff888044548920 (&(imap->im_aglock[index])){+.+.}-{3:3}, at: diAlloc+0x1b6/0x1630\nother info that might help us debug this:\nPossible unsafe locking scenario:\nCPU0\n----\nlock(&(imap->im_aglock[index]));\nlock(&(imap->im_aglock[index]));\n*** DEADLOCK ***\nMay be due to missing lock nesting notation\n5 locks held by syz-executor301/5309:\n#0: ffff8880422a4420 (sb_writers#9){.+.+}-{0:0}, at: mnt_want_write+0x3f/0x90 fs/namespace.c:515\n#1: ffff88804755b390 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: inode_lock_nested include/linux/fs.h:850 [inline]\n#1: ffff88804755b390 (&type->i_mutex_dir_key#6/1){+.+.}-{3:3}, at: filename_create+0x260/0x540 fs/namei.c:4026\n#2: ffff888044548920 (&(imap->im_aglock[index])){+.+.}-{3:3}, at: diAlloc+0x1b6/0x1630\n#3: ffff888044548890 (&imap->im_freelock){+.+.}-{3:3}, at: diNewIAG fs/jfs/jfs_imap.c:2460 [inline]\n#3: ffff888044548890 (&imap->im_freelock){+.+.}-{3:3}, at: diAllocExt fs/jfs/jfs_imap.c:1905 [inline]\n#3: ffff888044548890 (&imap->im_freelock){+.+.}-{3:3}, at: diAllocAG+0x4b7/0x1e50 fs/jfs/jfs_imap.c:1669\n#4: ffff88804755a618 (&jfs_ip->rdwrlock/1){++++}-{3:3}, at: diNewIAG fs/jfs/jfs_imap.c:2477 [inline]\n#4: ffff88804755a618 (&jfs_ip->rdwrlock/1){++++}-{3:3}, at: diAllocExt fs/jfs/jfs_imap.c:1905 [inline]\n#4: ffff88804755a618 (&jfs_ip->rdwrlock/1){++++}-{3:3}, at: diAllocAG+0x869/0x1e50 fs/jfs/jfs_imap.c:1669\nstack backtrace:\nCPU: 0 UID: 0 PID: 5309 Comm: syz-executor301 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\nprint_deadlock_bug+0x483/0x620 kernel/locking/lockdep.c:3037\ncheck_deadlock kernel/locking/lockdep.c:3089 [inline]\nvalidate_chain+0x15e2/0x5920 kernel/locking/lockdep.c:3891\n__lock_acquire+0x1384/0x2050 kernel/locking/lockdep.c:5202\nlock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825\n__mutex_lock_common kernel/locking/mutex.c:608 [inline]\n__mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752\ndiFree+0x37c/0x2fb0 fs/jfs/jfs_imap.c:889\njfs_evict_inode+0x32d/0x440 fs/jfs/inode.c:156\nevict+0x4e8/0x9b0 fs/inode.c:725\ndiFreeSpecial fs/jfs/jfs_imap.c:552 [inline]\nduplicateIXtree+0x3c6/0x550 fs/jfs/jfs_imap.c:3022\ndiNewIAG fs/jfs/jfs_imap.c:2597 [inline]\ndiAllocExt fs/jfs/jfs_imap.c:1905 [inline]\ndiAllocAG+0x17dc/0x1e50 fs/jfs/jfs_imap.c:1669\ndiAlloc+0x1d2/0x1630 fs/jfs/jfs_imap.c:1590\nialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56\njfs_mkdir+0x1c5/0xba0 fs/jfs/namei.c:225\nvfs_mkdir+0x2f9/0x4f0 fs/namei.c:4257\ndo_mkdirat+0x264/0x3a0 fs/namei.c:4280\n__do_sys_mkdirat fs/namei.c:4295 [inline]\n__se_sys_mkdirat fs/namei.c:4293 [inline]\n__x64_sys_mkdirat+0x87/0xa0 fs/namei.c:4293\ndo_syscall_x64 arch/x86/en\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37741" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37740", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\njfs: add sanity check for agwidth in dbMount\nThe width in dmapctl of the AG is zero, it trigger a divide error when\ncalculating the control page level in dbAllocAG.\nTo avoid this issue, add a check for agwidth in dbAllocAG.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37740" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-23150", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\next4: fix off-by-one error in do_split\nSyzkaller detected a use-after-free issue in ext4_insert_dentry that was\ncaused by out-of-bounds access due to incorrect splitting in do_split.\nBUG: KASAN: use-after-free in ext4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109\nWrite of size 251 at addr ffff888074572f14 by task syz-executor335/5847\nCPU: 0 UID: 0 PID: 5847 Comm: syz-executor335 Not tainted 6.12.0-rc6-syzkaller-00318-ga9cda7c0ffed #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024\nCall Trace:\n\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:377 [inline]\nprint_report+0x169/0x550 mm/kasan/report.c:488\nkasan_report+0x143/0x180 mm/kasan/report.c:601\nkasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n__asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106\next4_insert_dentry+0x36a/0x6d0 fs/ext4/namei.c:2109\nadd_dirent_to_buf+0x3d9/0x750 fs/ext4/namei.c:2154\nmake_indexed_dir+0xf98/0x1600 fs/ext4/namei.c:2351\next4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2455\next4_add_nondir+0x8d/0x290 fs/ext4/namei.c:2796\next4_symlink+0x920/0xb50 fs/ext4/namei.c:3431\nvfs_symlink+0x137/0x2e0 fs/namei.c:4615\ndo_symlinkat+0x222/0x3a0 fs/namei.c:4641\n__do_sys_symlink fs/namei.c:4662 [inline]\n__se_sys_symlink fs/namei.c:4660 [inline]\n__x64_sys_symlink+0x7a/0x90 fs/namei.c:4660\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe following loop is located right above 'if' statement.\nfor (i = count-1; i >= 0; i--) {\n/* is more than half of this entry in 2nd half of the block? */\nif (size + map[i].size/2 > blocksize/2)\nbreak;\nsize += map[i].size;\nmove++;\n}\n'i' in this case could go down to -1, in which case sum of active entries\nwouldn't exceed half the block size, but previous behaviour would also do\nsplit in half if sum would exceed at the very last block, which in case of\nhaving too many long name files in a single block could lead to\nout-of-bounds access and following use-after-free.\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-23150" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-23147", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ni3c: Add NULL pointer check in i3c_master_queue_ibi()\nThe I3C master driver may receive an IBI from a target device that has not\nbeen probed yet. In such cases, the master calls `i3c_master_queue_ibi()`\nto queue an IBI work task, leading to \"Unable to handle kernel read from\nunreadable memory\" and resulting in a kernel panic.\nTypical IBI handling flow:\n1. The I3C master scans target devices and probes their respective drivers.\n2. The target device driver calls `i3c_device_request_ibi()` to enable IBI\nand assigns `dev->ibi = ibi`.\n3. The I3C master receives an IBI from the target device and calls\n`i3c_master_queue_ibi()` to queue the target device driver’s IBI\nhandler task.\nHowever, since target device events are asynchronous to the I3C probe\nsequence, step 3 may occur before step 2, causing `dev->ibi` to be `NULL`,\nleading to a kernel panic.\nAdd a NULL pointer check in `i3c_master_queue_ibi()` to prevent accessing\nan uninitialized `dev->ibi`, ensuring stability.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-23147" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-23142", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nsctp: detect and prevent references to a freed transport in sendmsg\nsctp_sendmsg() re-uses associations and transports when possible by\ndoing a lookup based on the socket endpoint and the message destination\naddress, and then sctp_sendmsg_to_asoc() sets the selected transport in\nall the message chunks to be sent.\nThere's a possible race condition if another thread triggers the removal\nof that selected transport, for instance, by explicitly unbinding an\naddress with setsockopt(SCTP_SOCKOPT_BINDX_REM), after the chunks have\nbeen set up and before the message is sent. This can happen if the send\nbuffer is full, during the period when the sender thread temporarily\nreleases the socket lock in sctp_wait_for_sndbuf().\nThis causes the access to the transport data in\nsctp_outq_select_transport(), when the association outqueue is flushed,\nto result in a use-after-free read.\nThis change avoids this scenario by having sctp_transport_free() signal\nthe freeing of the transport, tagging it as \"dead\". In order to do this,\nthe patch restores the \"dead\" bit in struct sctp_transport, which was\nremoved in\ncommit 47faa1e4c50e (\"sctp: remove the dead field of sctp_transport\").\nThen, in the scenario where the sender thread has released the socket\nlock in sctp_wait_for_sndbuf(), the bit is checked again after\nre-acquiring the socket lock to detect the deletion. This is done while\nholding a reference to the transport to prevent it from being freed in\nthe process.\nIf the transport was deleted while the socket lock was relinquished,\nsctp_sendmsg_to_asoc() will return -EAGAIN to let userspace retry the\nsend.\nThe bug was found by a private syzbot instance (see the error report [1]\nand the C reproducer that triggers it [2]).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-23142" } ], "release_date": "2025-05-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-22086", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nRDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow\nWhen cur_qp isn't NULL, in order to avoid fetching the QP from\nthe radix tree again we check if the next cqe QP is identical to\nthe one we already have.\nThe bug however is that we are checking if the QP is identical by\nchecking the QP number inside the CQE against the QP number inside the\nmlx5_ib_qp, but that's wrong since the QP number from the CQE is from\nFW so it should be matched against mlx5_core_qp which is our FW QP\nnumber.\nOtherwise we could use the wrong QP when handling a CQE which could\ncause the kernel trace below.\nThis issue is mainly noticeable over QPs 0 & 1, since for now they are\nthe only QPs in our driver whereas the QP number inside mlx5_ib_qp\ndoesn't match the QP number inside mlx5_core_qp.\nBUG: kernel NULL pointer dereference, address: 0000000000000012\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] SMP\nCPU: 0 UID: 0 PID: 7927 Comm: kworker/u62:1 Not tainted 6.14.0-rc3+ #189\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nWorkqueue: ib-comp-unb-wq ib_cq_poll_work [ib_core]\nRIP: 0010:mlx5_ib_poll_cq+0x4c7/0xd90 [mlx5_ib]\nCode: 03 00 00 8d 58 ff 21 cb 66 39 d3 74 39 48 c7 c7 3c 89 6e a0 0f b7 db e8 b7 d2 b3 e0 49 8b 86 60 03 00 00 48 c7 c7 4a 89 6e a0 <0f> b7 5c 98 02 e8 9f d2 b3 e0 41 0f b7 86 78 03 00 00 83 e8 01 21\nRSP: 0018:ffff88810511bd60 EFLAGS: 00010046\nRAX: 0000000000000010 RBX: 0000000000000000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffff88885fa1b3c0 RDI: ffffffffa06e894a\nRBP: 00000000000000b0 R08: 0000000000000000 R09: ffff88810511bc10\nR10: 0000000000000001 R11: 0000000000000001 R12: ffff88810d593000\nR13: ffff88810e579108 R14: ffff888105146000 R15: 00000000000000b0\nFS: 0000000000000000(0000) GS:ffff88885fa00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000012 CR3: 00000001077e6001 CR4: 0000000000370eb0\nCall Trace:\n\n? __die+0x20/0x60\n? page_fault_oops+0x150/0x3e0\n? exc_page_fault+0x74/0x130\n? asm_exc_page_fault+0x22/0x30\n? mlx5_ib_poll_cq+0x4c7/0xd90 [mlx5_ib]\n__ib_process_cq+0x5a/0x150 [ib_core]\nib_cq_poll_work+0x31/0x90 [ib_core]\nprocess_one_work+0x169/0x320\nworker_thread+0x288/0x3a0\n? work_busy+0xb0/0xb0\nkthread+0xd7/0x1f0\n? kthreads_online_cpu+0x130/0x130\n? kthreads_online_cpu+0x130/0x130\nret_from_fork+0x2d/0x50\n? kthreads_online_cpu+0x130/0x130\nret_from_fork_asm+0x11/0x20\n", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22086" } ], "release_date": "2025-04-16T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-22079", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nocfs2: validate l_tree_depth to avoid out-of-bounds access\nThe l_tree_depth field is 16-bit (__le16), but the actual maximum depth is\nlimited to OCFS2_MAX_PATH_DEPTH.\nAdd a check to prevent out-of-bounds access if l_tree_depth has an invalid\nvalue, which may occur when reading from a corrupted mounted disk [1].", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22079" } ], "release_date": "2025-04-16T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-22073", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nspufs: fix a leak on spufs_new_file() failure\nIt's called from spufs_fill_dir(), and caller of that will do\nspufs_rmdir() in case of failure. That does remove everything\nwe'd managed to create, but... the problem dentry is still\nnegative. IOW, it needs to be explicitly dropped.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22073" } ], "release_date": "2025-04-16T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-22071", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nspufs: fix a leak in spufs_create_context()\nLeak fixes back in 2008 missed one case - if we are trying to set affinity\nand spufs_mkdir() fails, we need to drop the reference to neighbor.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22071" } ], "release_date": "2025-04-16T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-22054", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\narcnet: Add NULL check in com20020pci_probe()\n\ndevm_kasprintf() returns NULL when memory allocation fails. Currently,\ncom20020pci_probe() does not check for this case, which results in a\nNULL pointer dereference.\n\nAdd NULL check after devm_kasprintf() to prevent this issue and ensure\nno resources are left allocated.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22054" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/661cf5d102949898c931e81fd4e1c773afcdeafa", "url": "https://git.kernel.org/stable/c/661cf5d102949898c931e81fd4e1c773afcdeafa" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/887226163504494ea7e58033a97c2d2ab12e05d4", "url": "https://git.kernel.org/stable/c/887226163504494ea7e58033a97c2d2ab12e05d4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/905a34dc1ad9a53a8aaaf8a759ea5dbaaa30418d", "url": "https://git.kernel.org/stable/c/905a34dc1ad9a53a8aaaf8a759ea5dbaaa30418d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a654f31b33515d39bb56c75fd8b26bef025ced7e", "url": "https://git.kernel.org/stable/c/a654f31b33515d39bb56c75fd8b26bef025ced7e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/be8a0decd0b59a52a07276f9ef3b33ef820b2179", "url": "https://git.kernel.org/stable/c/be8a0decd0b59a52a07276f9ef3b33ef820b2179" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ebebeb58d48e25525fa654f2c53a24713fe141c3", "url": "https://git.kernel.org/stable/c/ebebeb58d48e25525fa654f2c53a24713fe141c3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ececf8eff6c25acc239fa8f0fd837c76bc770547", "url": "https://git.kernel.org/stable/c/ececf8eff6c25acc239fa8f0fd837c76bc770547" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ef8b29398ea6061ac8257f3e45c9be45cc004ce2", "url": "https://git.kernel.org/stable/c/ef8b29398ea6061ac8257f3e45c9be45cc004ce2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fda8c491db2a90ff3e6fbbae58e495b4ddddeca3", "url": "https://git.kernel.org/stable/c/fda8c491db2a90ff3e6fbbae58e495b4ddddeca3" } ], "release_date": "2025-04-16T15:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-22047", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nx86/microcode/AMD: Fix __apply_microcode_amd()'s return value\nWhen verify_sha256_digest() fails, __apply_microcode_amd() should propagate\nthe failure by returning false (and not -1 which is promoted to true).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22047" } ], "release_date": "2025-04-16T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-22035", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ntracing: Fix use-after-free in print_graph_function_flags during tracer switching\nKairui reported a UAF issue in print_graph_function_flags() during\nftrace stress testing [1]. This issue can be reproduced if puting a\n'mdelay(10)' after 'mutex_unlock(&trace_types_lock)' in s_start(),\nand executing the following script:\n$ echo function_graph > current_tracer\n$ cat trace > /dev/null &\n$ sleep 5 # Ensure the 'cat' reaches the 'mdelay(10)' point\n$ echo timerlat > current_tracer\nThe root cause lies in the two calls to print_graph_function_flags\nwithin print_trace_line during each s_show():\n* One through 'iter->trace->print_line()';\n* Another through 'event->funcs->trace()', which is hidden in\nprint_trace_fmt() before print_trace_line returns.\nTracer switching only updates the former, while the latter continues\nto use the print_line function of the old tracer, which in the script\nabove is print_graph_function_flags.\nMoreover, when switching from the 'function_graph' tracer to the\n'timerlat' tracer, s_start only calls graph_trace_close of the\n'function_graph' tracer to free 'iter->private', but does not set\nit to NULL. This provides an opportunity for 'event->funcs->trace()'\nto use an invalid 'iter->private'.\nTo fix this issue, set 'iter->private' to NULL immediately after\nfreeing it in graph_trace_close(), ensuring that an invalid pointer\nis not passed to other tracers. Additionally, clean up the unnecessary\n'iter->private = NULL' during each 'cat trace' when using wakeup and\nirqsoff tracers.\n[1] https://lore.kernel.org/all/20231112150030.84609-1-ryncsn@gmail.com/", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22035" } ], "release_date": "2025-04-16T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-22021", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: socket: Lookup orig tuple for IPv6 SNAT\nnf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to\nrestore the original 5-tuple in case of SNAT, to be able to find the\nright socket (if any). Then socket_match() can correctly check whether\nthe socket was transparent.\nHowever, the IPv6 counterpart (nf_sk_lookup_slow_v6) lacks this\nconntrack lookup, making xt_socket fail to match on the socket when the\npacket was SNATed. Add the same logic to nf_sk_lookup_slow_v6.\nIPv6 SNAT is used in Kubernetes clusters for pod-to-world packets, as\npods' addresses are in the fd00::/8 ULA subnet and need to be replaced\nwith the node's external address. Cilium leverages Envoy to enforce L7\npolicies, and Envoy uses transparent sockets. Cilium inserts an iptables\nprerouting rule that matches on `-m socket --transparent` and redirects\nthe packets to localhost, but it fails to match SNATed IPv6 packets due\nto that missing conntrack lookup.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22021" } ], "release_date": "2025-04-16T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-22007", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix error code in chan_alloc_skb_cb()\n\nThe chan_alloc_skb_cb() function is supposed to return error pointers on\nerror. Returning NULL will lead to a NULL dereference.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22007" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1bd68db7beb426ab5a45d81516ed9611284affc8", "url": "https://git.kernel.org/stable/c/1bd68db7beb426ab5a45d81516ed9611284affc8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/72d061ee630d0dbb45c2920d8d19b3861c413e54", "url": "https://git.kernel.org/stable/c/72d061ee630d0dbb45c2920d8d19b3861c413e54" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/761b7c36addd22c7e6ceb05caaadc3b062d99faa", "url": "https://git.kernel.org/stable/c/761b7c36addd22c7e6ceb05caaadc3b062d99faa" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/76304cba8cba12bb10d89d016c28403a2dd89a29", "url": "https://git.kernel.org/stable/c/76304cba8cba12bb10d89d016c28403a2dd89a29" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/788ae2ae4cf484e248b5bc29211c7ac6510e3e92", "url": "https://git.kernel.org/stable/c/788ae2ae4cf484e248b5bc29211c7ac6510e3e92" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a78692ec0d1e17a96b09f2349a028878f5b305e4", "url": "https://git.kernel.org/stable/c/a78692ec0d1e17a96b09f2349a028878f5b305e4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b3d607e36fef4bd05fb938a8a868ff70e9fedbe2", "url": "https://git.kernel.org/stable/c/b3d607e36fef4bd05fb938a8a868ff70e9fedbe2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ecd06ad0823a90b4420c377ef8917e44e23ee841", "url": "https://git.kernel.org/stable/c/ecd06ad0823a90b4420c377ef8917e44e23ee841" } ], "release_date": "2025-04-03T08:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-22004", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: atm: fix use after free in lec_send()\nThe ->send() operation frees skb so save the length before calling\n->send() to avoid a use after free.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22004" } ], "release_date": "2025-04-03T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-21996", "cwe": { "id": "CWE-908", "name": "Use of Uninitialized Resource" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()\n\nOn the off chance that command stream passed from userspace via\nioctl() call to radeon_vce_cs_parse() is weirdly crafted and\nfirst command to execute is to encode (case 0x03000001), the function\nin question will attempt to call radeon_vce_cs_reloc() with size\nargument that has not been properly initialized. Specifically, 'size'\nwill point to 'tmp' variable before the latter had a chance to be\nassigned any value.\n\nPlay it safe and init 'tmp' with 0, thus ensuring that\nradeon_vce_cs_reloc() will catch an early error in cases like these.\n\nFound by Linux Verification Center (linuxtesting.org) with static\nanalysis tool SVACE.\n\n(cherry picked from commit 2d52de55f9ee7aaee0e09ac443f77855989c6b68)", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21996" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0effb378ebce52b897f85cd7f828854b8c7cb636", "url": "https://git.kernel.org/stable/c/0effb378ebce52b897f85cd7f828854b8c7cb636" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3ce08215cad55c10a6eeeb33d3583b6cfffe3ab8", "url": "https://git.kernel.org/stable/c/3ce08215cad55c10a6eeeb33d3583b6cfffe3ab8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5b4d9d20fd455a97920cf158dd19163b879cf65d", "url": "https://git.kernel.org/stable/c/5b4d9d20fd455a97920cf158dd19163b879cf65d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/78b07dada3f02f77762d0755a96d35f53b02be69", "url": "https://git.kernel.org/stable/c/78b07dada3f02f77762d0755a96d35f53b02be69" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9b2da9c673a0da1359a2151f7ce773e2f77d71a9", "url": "https://git.kernel.org/stable/c/9b2da9c673a0da1359a2151f7ce773e2f77d71a9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/dd1801aa01bba1760357f2a641346ae149686713", "url": "https://git.kernel.org/stable/c/dd1801aa01bba1760357f2a641346ae149686713" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/dd8689b52a24807c2d5ce0a17cb26dc87f75235c", "url": "https://git.kernel.org/stable/c/dd8689b52a24807c2d5ce0a17cb26dc87f75235c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f5e049028124f755283f2c07e7a3708361ed1dc8", "url": "https://git.kernel.org/stable/c/f5e049028124f755283f2c07e7a3708361ed1dc8" } ], "release_date": "2025-04-03T08:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-21993", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\niscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()\n\nWhen performing an iSCSI boot using IPv6, iscsistart still reads the\n/sys/firmware/ibft/ethernetX/subnet-mask entry. Since the IPv6 prefix\nlength is 64, this causes the shift exponent to become negative,\ntriggering a UBSAN warning. As the concept of a subnet mask does not\napply to IPv6, the value is set to ~0 to suppress the warning message.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21993" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/07e0d99a2f701123ad3104c0f1a1e66bce74d6e5", "url": "https://git.kernel.org/stable/c/07e0d99a2f701123ad3104c0f1a1e66bce74d6e5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2d1eef248107bdf3d5a69d0fde04c30a79a7bf5d", "url": "https://git.kernel.org/stable/c/2d1eef248107bdf3d5a69d0fde04c30a79a7bf5d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9bfa80c8aa4e06dff55a953c3fffbfc68a3a3b1c", "url": "https://git.kernel.org/stable/c/9bfa80c8aa4e06dff55a953c3fffbfc68a3a3b1c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a858cd58dea06cf85b142673deea8c5d87f11e70", "url": "https://git.kernel.org/stable/c/a858cd58dea06cf85b142673deea8c5d87f11e70" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b253660fac5e0e9080d2c95e3a029e1898d49afb", "url": "https://git.kernel.org/stable/c/b253660fac5e0e9080d2c95e3a029e1898d49afb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b388e185bfad32bfed6a97a6817f74ca00a4318f", "url": "https://git.kernel.org/stable/c/b388e185bfad32bfed6a97a6817f74ca00a4318f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c1c6e527470e5eab0b2d57bd073530fbace39eab", "url": "https://git.kernel.org/stable/c/c1c6e527470e5eab0b2d57bd073530fbace39eab" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f763c82db8166e28f45b7cc4a5398a7859665940", "url": "https://git.kernel.org/stable/c/f763c82db8166e28f45b7cc4a5398a7859665940" } ], "release_date": "2025-04-02T13:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-21992", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nHID: ignore non-functional sensor in HP 5MP Camera\nThe HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that\nis not actually implemented. Attempting to access this non-functional\nsensor via iio_info causes system hangs as runtime PM tries to wake up\nan unresponsive sensor.\n[453] hid-sensor-hub 0003:0408:5473.0003: Report latency attributes: ffffffff:ffffffff\n[453] hid-sensor-hub 0003:0408:5473.0003: common attributes: 5:1, 2:1, 3:1 ffffffff:ffffffff\nAdd this device to the HID ignore list since the sensor interface is\nnon-functional by design and should not be exposed to userspace.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21992" } ], "release_date": "2025-04-02T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-21991", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes\n\nCurrently, load_microcode_amd() iterates over all NUMA nodes, retrieves their\nCPU masks and unconditionally accesses per-CPU data for the first CPU of each\nmask.\n\nAccording to Documentation/admin-guide/mm/numaperf.rst:\n\n \"Some memory may share the same node as a CPU, and others are provided as\n memory only nodes.\"\n\nTherefore, some node CPU masks may be empty and wouldn't have a \"first CPU\".\n\nOn a machine with far memory (and therefore CPU-less NUMA nodes):\n- cpumask_of_node(nid) is 0\n- cpumask_first(0) is CONFIG_NR_CPUS\n- cpu_data(CONFIG_NR_CPUS) accesses the cpu_info per-CPU array at an\n index that is 1 out of bounds\n\nThis does not have any security implications since flashing microcode is\na privileged operation but I believe this has reliability implications by\npotentially corrupting memory while flashing a microcode update.\n\nWhen booting with CONFIG_UBSAN_BOUNDS=y on an AMD machine that flashes\na microcode update. I get the following splat:\n\n UBSAN: array-index-out-of-bounds in arch/x86/kernel/cpu/microcode/amd.c:X:Y\n index 512 is out of range for type 'unsigned long[512]'\n [...]\n Call Trace:\n dump_stack\n __ubsan_handle_out_of_bounds\n load_microcode_amd\n request_microcode_amd\n reload_store\n kernfs_fop_write_iter\n vfs_write\n ksys_write\n do_syscall_64\n entry_SYSCALL_64_after_hwframe\n\nChange the loop to go over only NUMA nodes which have CPUs before determining\nwhether the first CPU on the respective node needs microcode update.\n\n [ bp: Massage commit message, fix typo. ]", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21991" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/18b5d857c6496b78ead2fd10001b81ae32d30cac", "url": "https://git.kernel.org/stable/c/18b5d857c6496b78ead2fd10001b81ae32d30cac" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/488ffc0cac38f203979f83634236ee53251ce593", "url": "https://git.kernel.org/stable/c/488ffc0cac38f203979f83634236ee53251ce593" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5ac295dfccb5b015493f86694fa13a0dde4d3665", "url": "https://git.kernel.org/stable/c/5ac295dfccb5b015493f86694fa13a0dde4d3665" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/985a536e04bbfffb1770df43c6470f635a6b1073", "url": "https://git.kernel.org/stable/c/985a536e04bbfffb1770df43c6470f635a6b1073" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d509c4731090ebd9bbdb72c70a2d70003ae81f4f", "url": "https://git.kernel.org/stable/c/d509c4731090ebd9bbdb72c70a2d70003ae81f4f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e3e89178a9f4a80092578af3ff3c8478f9187d59", "url": "https://git.kernel.org/stable/c/e3e89178a9f4a80092578af3ff3c8478f9187d59" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e686349cc19e800dac8971929089ba5ff59abfb0", "url": "https://git.kernel.org/stable/c/e686349cc19e800dac8971929089ba5ff59abfb0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ec52240622c4d218d0240079b7c1d3ec2328a9f4", "url": "https://git.kernel.org/stable/c/ec52240622c4d218d0240079b7c1d3ec2328a9f4" } ], "release_date": "2025-04-02T13:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-21971", "cwe": { "id": "CWE-703", "name": "Improper Check or Handling of Exceptional Conditions" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet_sched: Prevent creation of classes with TC_H_ROOT\nThe function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination\ncondition when traversing up the qdisc tree to update parent backlog\ncounters. However, if a class is created with classid TC_H_ROOT, the\ntraversal terminates prematurely at this class instead of reaching the\nactual root qdisc, causing parent statistics to be incorrectly maintained.\nIn case of DRR, this could lead to a crash as reported by Mingi Cho.\nPrevent the creation of any Qdisc class with classid TC_H_ROOT\n(0xFFFFFFFF) across all qdisc types, as suggested by Jamal.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21971" } ], "release_date": "2025-04-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-21959", "cwe": { "id": "CWE-908", "name": "Use of Uninitialized Resource" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()\n\nSince commit b36e4523d4d5 (\"netfilter: nf_conncount: fix garbage\ncollection confirm race\"), `cpu` and `jiffies32` were introduced to\nthe struct nf_conncount_tuple.\n\nThe commit made nf_conncount_add() initialize `conn->cpu` and\n`conn->jiffies32` when allocating the struct.\nIn contrast, count_tree() was not changed to initialize them.\n\nBy commit 34848d5c896e (\"netfilter: nf_conncount: Split insert and\ntraversal\"), count_tree() was split and the relevant allocation\ncode now resides in insert_tree().\nInitialize `conn->cpu` and `conn->jiffies32` in insert_tree().\n\nBUG: KMSAN: uninit-value in find_or_evict net/netfilter/nf_conncount.c:117 [inline]\nBUG: KMSAN: uninit-value in __nf_conncount_add+0xd9c/0x2850 net/netfilter/nf_conncount.c:143\n find_or_evict net/netfilter/nf_conncount.c:117 [inline]\n __nf_conncount_add+0xd9c/0x2850 net/netfilter/nf_conncount.c:143\n count_tree net/netfilter/nf_conncount.c:438 [inline]\n nf_conncount_count+0x82f/0x1e80 net/netfilter/nf_conncount.c:521\n connlimit_mt+0x7f6/0xbd0 net/netfilter/xt_connlimit.c:72\n __nft_match_eval net/netfilter/nft_compat.c:403 [inline]\n nft_match_eval+0x1a5/0x300 net/netfilter/nft_compat.c:433\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x426/0x2290 net/netfilter/nf_tables_core.c:288\n nft_do_chain_ipv4+0x1a5/0x230 net/netfilter/nft_chain_filter.c:23\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook_slow_list+0x24d/0x860 net/netfilter/core.c:663\n NF_HOOK_LIST include/linux/netfilter.h:350 [inline]\n ip_sublist_rcv+0x17b7/0x17f0 net/ipv4/ip_input.c:633\n ip_list_rcv+0x9ef/0xa40 net/ipv4/ip_input.c:669\n __netif_receive_skb_list_ptype net/core/dev.c:5936 [inline]\n __netif_receive_skb_list_core+0x15c5/0x1670 net/core/dev.c:5983\n __netif_receive_skb_list net/core/dev.c:6035 [inline]\n netif_receive_skb_list_internal+0x1085/0x1700 net/core/dev.c:6126\n netif_receive_skb_list+0x5a/0x460 net/core/dev.c:6178\n xdp_recv_frames net/bpf/test_run.c:280 [inline]\n xdp_test_run_batch net/bpf/test_run.c:361 [inline]\n bpf_test_run_xdp_live+0x2e86/0x3480 net/bpf/test_run.c:390\n bpf_prog_test_run_xdp+0xf1d/0x1ae0 net/bpf/test_run.c:1316\n bpf_prog_test_run+0x5e5/0xa30 kernel/bpf/syscall.c:4407\n __sys_bpf+0x6aa/0xd90 kernel/bpf/syscall.c:5813\n __do_sys_bpf kernel/bpf/syscall.c:5902 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5900 [inline]\n __ia32_sys_bpf+0xa0/0xe0 kernel/bpf/syscall.c:5900\n ia32_sys_call+0x394d/0x4180 arch/x86/include/generated/asm/syscalls_32.h:358\n do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]\n __do_fast_syscall_32+0xb0/0x110 arch/x86/entry/common.c:387\n do_fast_syscall_32+0x38/0x80 arch/x86/entry/common.c:412\n do_SYSENTER_32+0x1f/0x30 arch/x86/entry/common.c:450\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4121 [inline]\n slab_alloc_node mm/slub.c:4164 [inline]\n kmem_cache_alloc_noprof+0x915/0xe10 mm/slub.c:4171\n insert_tree net/netfilter/nf_conncount.c:372 [inline]\n count_tree net/netfilter/nf_conncount.c:450 [inline]\n nf_conncount_count+0x1415/0x1e80 net/netfilter/nf_conncount.c:521\n connlimit_mt+0x7f6/0xbd0 net/netfilter/xt_connlimit.c:72\n __nft_match_eval net/netfilter/nft_compat.c:403 [inline]\n nft_match_eval+0x1a5/0x300 net/netfilter/nft_compat.c:433\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x426/0x2290 net/netfilter/nf_tables_core.c:288\n nft_do_chain_ipv4+0x1a5/0x230 net/netfilter/nft_chain_filter.c:23\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626\n nf_hook_slow_list+0x24d/0x860 net/netfilter/core.c:663\n NF_HOOK_LIST include/linux/netfilter.h:350 [inline]\n ip_sublist_rcv+0x17b7/0x17f0 net/ipv4/ip_input.c:633\n ip_list_rcv+0x9ef/0xa40 net/ip\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21959" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2a154ce766b995494e88d8d117fa82cc6b73dd87", "url": "https://git.kernel.org/stable/c/2a154ce766b995494e88d8d117fa82cc6b73dd87" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2db5baaf047a7c8d6ed5e2cc657b7854e155b7fc", "url": "https://git.kernel.org/stable/c/2db5baaf047a7c8d6ed5e2cc657b7854e155b7fc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a62a25c6ad58fae997f48a0749afeda1c252ae51", "url": "https://git.kernel.org/stable/c/a62a25c6ad58fae997f48a0749afeda1c252ae51" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d653bfeb07ebb3499c403404c21ac58a16531607", "url": "https://git.kernel.org/stable/c/d653bfeb07ebb3499c403404c21ac58a16531607" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/db1e0c0856821c59a32ea3af79476bf20a6beeb2", "url": "https://git.kernel.org/stable/c/db1e0c0856821c59a32ea3af79476bf20a6beeb2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e8544a5a97bee3674e7cd6bf0f3a4af517fa9146", "url": "https://git.kernel.org/stable/c/e8544a5a97bee3674e7cd6bf0f3a4af517fa9146" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f522229c5563b59b4240261e406779bba6754159", "url": "https://git.kernel.org/stable/c/f522229c5563b59b4240261e406779bba6754159" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fda50302a13701d47fbe01e1739c7a51114144fb", "url": "https://git.kernel.org/stable/c/fda50302a13701d47fbe01e1739c7a51114144fb" } ], "release_date": "2025-04-01T16:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-21957", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla1280: Fix kernel oops when debug level > 2\n\nA null dereference or oops exception will eventually occur when qla1280.c\ndriver is compiled with DEBUG_QLA1280 enabled and ql_debug_level > 2. I\nthink its clear from the code that the intention here is sg_dma_len(s) not\nlength of sg_next(s) when printing the debug info.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21957" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/11a8dac1177a596648a020a7f3708257a2f95fee", "url": "https://git.kernel.org/stable/c/11a8dac1177a596648a020a7f3708257a2f95fee" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/24602e2664c515a4f2950d7b52c3d5997463418c", "url": "https://git.kernel.org/stable/c/24602e2664c515a4f2950d7b52c3d5997463418c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5233e3235dec3065ccc632729675575dbe3c6b8a", "url": "https://git.kernel.org/stable/c/5233e3235dec3065ccc632729675575dbe3c6b8a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7ac2473e727d67a38266b2b7e55c752402ab588c", "url": "https://git.kernel.org/stable/c/7ac2473e727d67a38266b2b7e55c752402ab588c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/af71ba921d08c241a817010f96458dc5e5e26762", "url": "https://git.kernel.org/stable/c/af71ba921d08c241a817010f96458dc5e5e26762" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/afa27b7c17a48e01546ccaad0ab017ad0496a522", "url": "https://git.kernel.org/stable/c/afa27b7c17a48e01546ccaad0ab017ad0496a522" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c737e2a5fb7f90b96a96121da1b50a9c74ae9b8c", "url": "https://git.kernel.org/stable/c/c737e2a5fb7f90b96a96121da1b50a9c74ae9b8c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ea371d1cdefb0951c7127a33bcd7eb931cf44571", "url": "https://git.kernel.org/stable/c/ea371d1cdefb0951c7127a33bcd7eb931cf44571" } ], "release_date": "2025-04-01T16:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-21956", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ndrm/amd/display: Assign normalized_pix_clk when color depth = 14\n[WHY & HOW]\nA warning message \"WARNING: CPU: 4 PID: 459 at ... /dc_resource.c:3397\ncalculate_phy_pix_clks+0xef/0x100 [amdgpu]\" occurs because the\ndisplay_color_depth == COLOR_DEPTH_141414 is not handled. This is\nobserved in Radeon RX 6600 XT.\nIt is fixed by assigning pix_clk * (14 * 3) / 24 - same as the rests.\nAlso fixes the indentation in get_norm_pix_clk.\n(cherry picked from commit 274a87eb389f58eddcbc5659ab0b180b37e92775)", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21956" } ], "release_date": "2025-04-01T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-58093", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nPCI/ASPM: Fix link state exit during switch upstream function removal\nBefore 456d8aa37d0f (\"PCI/ASPM: Disable ASPM on MFD function removal to\navoid use-after-free\"), we would free the ASPM link only after the last\nfunction on the bus pertaining to the given link was removed.\nThat was too late. If function 0 is removed before sibling function,\nlink->downstream would point to free'd memory after.\nAfter above change, we freed the ASPM parent link state upon any function\nremoval on the bus pertaining to a given link.\nThat is too early. If the link is to a PCIe switch with MFD on the upstream\nport, then removing functions other than 0 first would free a link which\nstill remains parent_link to the remaining downstream ports.\nThe resulting GPFs are especially frequent during hot-unplug, because\npciehp removes devices on the link bus in reverse order.\nOn that switch, function 0 is the virtual P2P bridge to the internal bus.\nFree exactly when function 0 is removed -- before the parent link is\nobsolete, but after all subordinate links are gone.\n[kwilczynski: commit log]", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-58093" } ], "release_date": "2025-04-16T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-50146", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Don't call cleanup on profile rollback failure\n\nWhen profile rollback fails in mlx5e_netdev_change_profile, the netdev\nprofile var is left set to NULL. Avoid a crash when unloading the driver\nby not calling profile->cleanup in such a case.\n\nThis was encountered while testing, with the original trigger that\nthe wq rescuer thread creation got interrupted (presumably due to\nCtrl+C-ing modprobe), which gets converted to ENOMEM (-12) by\nmlx5e_priv_init, the profile rollback also fails for the same reason\n(signal still active) so the profile is left as NULL, leading to a crash\nlater in _mlx5e_remove.\n\n [ 732.473932] mlx5_core 0000:08:00.1: E-Switch: Unload vfs: mode(OFFLOADS), nvfs(2), necvfs(0), active vports(2)\n [ 734.525513] workqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\n [ 734.557372] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12\n [ 734.559187] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: new profile init failed, -12\n [ 734.560153] workqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\n [ 734.589378] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12\n [ 734.591136] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: failed to rollback to orig profile, -12\n [ 745.537492] BUG: kernel NULL pointer dereference, address: 0000000000000008\n [ 745.538222] #PF: supervisor read access in kernel mode\n\n [ 745.551290] Call Trace:\n [ 745.551590] \n [ 745.551866] ? __die+0x20/0x60\n [ 745.552218] ? page_fault_oops+0x150/0x400\n [ 745.555307] ? exc_page_fault+0x79/0x240\n [ 745.555729] ? asm_exc_page_fault+0x22/0x30\n [ 745.556166] ? mlx5e_remove+0x6b/0xb0 [mlx5_core]\n [ 745.556698] auxiliary_bus_remove+0x18/0x30\n [ 745.557134] device_release_driver_internal+0x1df/0x240\n [ 745.557654] bus_remove_device+0xd7/0x140\n [ 745.558075] device_del+0x15b/0x3c0\n [ 745.558456] mlx5_rescan_drivers_locked.part.0+0xb1/0x2f0 [mlx5_core]\n [ 745.559112] mlx5_unregister_device+0x34/0x50 [mlx5_core]\n [ 745.559686] mlx5_uninit_one+0x46/0xf0 [mlx5_core]\n [ 745.560203] remove_one+0x4e/0xd0 [mlx5_core]\n [ 745.560694] pci_device_remove+0x39/0xa0\n [ 745.561112] device_release_driver_internal+0x1df/0x240\n [ 745.561631] driver_detach+0x47/0x90\n [ 745.562022] bus_remove_driver+0x84/0x100\n [ 745.562444] pci_unregister_driver+0x3b/0x90\n [ 745.562890] mlx5_cleanup+0xc/0x1b [mlx5_core]\n [ 745.563415] __x64_sys_delete_module+0x14d/0x2f0\n [ 745.563886] ? kmem_cache_free+0x1b0/0x460\n [ 745.564313] ? lockdep_hardirqs_on_prepare+0xe2/0x190\n [ 745.564825] do_syscall_64+0x6d/0x140\n [ 745.565223] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n [ 745.565725] RIP: 0033:0x7f1579b1288b", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50146" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3955b77494c3c7d14873b1db67e7e00c46a714db", "url": "https://git.kernel.org/stable/c/3955b77494c3c7d14873b1db67e7e00c46a714db" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4dbc1d1a9f39c3711ad2a40addca04d07d9ab5d0", "url": "https://git.kernel.org/stable/c/4dbc1d1a9f39c3711ad2a40addca04d07d9ab5d0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d6fe973c8873c998734a050f366b28facc03d32a", "url": "https://git.kernel.org/stable/c/d6fe973c8873c998734a050f366b28facc03d32a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/db84cb4c8c565e6d4de84b23c2818b63991adfdd", "url": "https://git.kernel.org/stable/c/db84cb4c8c565e6d4de84b23c2818b63991adfdd" } ], "release_date": "2024-11-07T10:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-50001", "cwe": { "id": "CWE-755", "name": "Improper Handling of Exceptional Conditions" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix error path in multi-packet WQE transmit\n\nRemove the erroneous unmap in case no DMA mapping was established\n\nThe multi-packet WQE transmit code attempts to obtain a DMA mapping for\nthe skb. This could fail, e.g. under memory pressure, when the IOMMU\ndriver just can't allocate more memory for page tables. While the code\ntries to handle this in the path below the err_unmap label it erroneously\nunmaps one entry from the sq's FIFO list of active mappings. Since the\ncurrent map attempt failed this unmap is removing some random DMA mapping\nthat might still be required. If the PCI function now presents that IOVA,\nthe IOMMU may assumes a rogue DMA access and e.g. on s390 puts the PCI\nfunction in error state.\n\nThe erroneous behavior was seen in a stress-test environment that created\nmemory pressure.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50001" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/26fad69b34fcba80d5c7d9e651f628e6ac927754", "url": "https://git.kernel.org/stable/c/26fad69b34fcba80d5c7d9e651f628e6ac927754" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2bcae12c795f32ddfbf8c80d1b5f1d3286341c32", "url": "https://git.kernel.org/stable/c/2bcae12c795f32ddfbf8c80d1b5f1d3286341c32" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8bb8c12fb5e2b1f03d603d493c92941676f109b5", "url": "https://git.kernel.org/stable/c/8bb8c12fb5e2b1f03d603d493c92941676f109b5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ca36d6c1a49b6965c86dd528a73f38bc62d9c625", "url": "https://git.kernel.org/stable/c/ca36d6c1a49b6965c86dd528a73f38bc62d9c625" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ce828b347cf1b3c1b12b091d02463c35ce5097f5", "url": "https://git.kernel.org/stable/c/ce828b347cf1b3c1b12b091d02463c35ce5097f5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ecf310aaf256acbc8182189fe0aa1021c3ddef72", "url": "https://git.kernel.org/stable/c/ecf310aaf256acbc8182189fe0aa1021c3ddef72" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fc357e78176945ca7bcacf92ab794b9ccd41b4f4", "url": "https://git.kernel.org/stable/c/fc357e78176945ca7bcacf92ab794b9ccd41b4f4" } ], "release_date": "2024-10-21T18:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-50000", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()\n\nIn mlx5e_tir_builder_alloc() kvzalloc() may return NULL\nwhich is dereferenced on the next line in a reference\nto the modify field.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50000" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0168ab6fbd9e50d20b97486168b604b2ab28a2ca", "url": "https://git.kernel.org/stable/c/0168ab6fbd9e50d20b97486168b604b2ab28a2ca" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1bcc86cc721bea68980098f51f102aa2c2b9d932", "url": "https://git.kernel.org/stable/c/1bcc86cc721bea68980098f51f102aa2c2b9d932" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4655456a64a0f936098c8432bac64e7176bd2aff", "url": "https://git.kernel.org/stable/c/4655456a64a0f936098c8432bac64e7176bd2aff" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4d80dde26d7bab1320210279483ac854dcb274b2", "url": "https://git.kernel.org/stable/c/4d80dde26d7bab1320210279483ac854dcb274b2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b48ee5bb25c02ca2b81e0d16bf8af17ab6ed3f8b", "url": "https://git.kernel.org/stable/c/b48ee5bb25c02ca2b81e0d16bf8af17ab6ed3f8b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f25389e779500cf4a59ef9804534237841bce536", "url": "https://git.kernel.org/stable/c/f25389e779500cf4a59ef9804534237841bce536" } ], "release_date": "2024-10-21T18:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-38555", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Discard command completions in internal error\n\nFix use after free when FW completion arrives while device is in\ninternal error state. Avoid calling completion handler in this case,\nsince the device will flush the command interface and trigger all\ncompletions manually.\n\nKernel log:\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\n...\nRIP: 0010:refcount_warn_saturate+0xd8/0xe0\n...\nCall Trace:\n\n? __warn+0x79/0x120\n? refcount_warn_saturate+0xd8/0xe0\n? report_bug+0x17c/0x190\n? handle_bug+0x3c/0x60\n? exc_invalid_op+0x14/0x70\n? asm_exc_invalid_op+0x16/0x20\n? refcount_warn_saturate+0xd8/0xe0\ncmd_ent_put+0x13b/0x160 [mlx5_core]\nmlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core]\ncmd_comp_notifier+0x1f/0x30 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nmlx5_eq_async_int+0xf6/0x290 [mlx5_core]\nnotifier_call_chain+0x35/0xb0\natomic_notifier_call_chain+0x16/0x20\nirq_int_handler+0x19/0x30 [mlx5_core]\n__handle_irq_event_percpu+0x4b/0x160\nhandle_irq_event+0x2e/0x80\nhandle_edge_irq+0x98/0x230\n__common_interrupt+0x3b/0xa0\ncommon_interrupt+0x7b/0xa0\n\n\nasm_common_interrupt+0x22/0x40", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-38555" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb", "url": "https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7", "url": "https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0", "url": "https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a", "url": "https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396", "url": "https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40", "url": "https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3", "url": "https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3" } ], "release_date": "2024-06-19T14:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-38541", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nof: module: add buffer overflow check in of_modalias()\nIn of_modalias(), if the buffer happens to be too small even for the 1st\nsnprintf() call, the len parameter will become negative and str parameter\n(if not NULL initially) will point beyond the buffer's end. Add the buffer\noverflow check after the 1st snprintf() call and fix such check after the\nstrlen() call (accounting for the terminating NUL char).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-38541" } ], "release_date": "2024-06-19T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-36350", "cwe": { "id": "CWE-99", "name": "Improper Control of Resource Identifiers ('Resource Injection')" }, "notes": [ { "category": "description", "text": "A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-36350" } ], "release_date": "2025-07-08T12:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-28956", "cwe": { "id": "CWE-1421", "name": "Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution" }, "notes": [ { "category": "description", "text": "Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-28956" } ], "release_date": "2025-05-13T21:02:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2023-6931", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation.\n\nA perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().\n\nWe recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-6931" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=382c27f4ed28f803b1f1473ac2d8db0afc795a1b" }, { "category": "external", "summary": "https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b", "url": "https://kernel.dance/382c27f4ed28f803b1f1473ac2d8db0afc795a1b" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html", "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00005.html" } ], "release_date": "2023-12-19T14:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2023-53034", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans\nThere is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and\nsize. This would make xlate_pos negative.\n[ 23.734156] switchtec switchtec0: MW 0: part 0 addr 0x0000000000000000 size 0x0000000000000000\n[ 23.734158] ================================================================================\n[ 23.734172] UBSAN: shift-out-of-bounds in drivers/ntb/hw/mscc/ntb_hw_switchtec.c:293:7\n[ 23.734418] shift exponent -1 is negative\nEnsuring xlate_pos is a positive or zero before BIT.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-53034" } ], "release_date": "2025-04-16T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2023-52667", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: fix a potential double-free in fs_any_create_groups\n\nWhen kcalloc() for ft->g succeeds but kvzalloc() for in fails,\nfs_any_create_groups() will free ft->g. However, its caller\nfs_any_create_table() will free ft->g again through calling\nmlx5e_destroy_flow_table(), which will lead to a double-free.\nFix this by setting ft->g to NULL in fs_any_create_groups().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52667" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2897c981ee63e1be5e530b1042484626a10b26d8", "url": "https://git.kernel.org/stable/c/2897c981ee63e1be5e530b1042484626a10b26d8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/65a4ade8a6d205979292e88beeb6a626ddbd4779", "url": "https://git.kernel.org/stable/c/65a4ade8a6d205979292e88beeb6a626ddbd4779" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/72a729868592752b5a294d27453da264106983b1", "url": "https://git.kernel.org/stable/c/72a729868592752b5a294d27453da264106983b1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/aef855df7e1bbd5aa4484851561211500b22707e", "url": "https://git.kernel.org/stable/c/aef855df7e1bbd5aa4484851561211500b22707e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b2fa86b2aceb4bc9ada51cea90f61546d7512cbe", "url": "https://git.kernel.org/stable/c/b2fa86b2aceb4bc9ada51cea90f61546d7512cbe" } ], "release_date": "2024-05-17T14:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-48829", "cwe": { "id": "CWE-253", "name": "Incorrect Check of Function Return Value" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nNFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes\niattr::ia_size is a loff_t, so these NFSv3 procedures must be\ncareful to deal with incoming client size values that are larger\nthan s64_max without corrupting the value.\nSilently capping the value results in storing a different value\nthan the client passed in which is unexpected behavior, so remove\nthe min_t() check in decode_sattr3().\nNote that RFC 1813 permits only the WRITE procedure to return\nNFS3ERR_FBIG. We believe that NFSv3 reference implementations\nalso return NFS3ERR_FBIG when ia_size is too large.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-48829" } ], "release_date": "2024-07-16T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2022-48828", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nNFSD: Fix ia_size underflow\niattr::ia_size is a loff_t, which is a signed 64-bit type. NFSv3 and\nNFSv4 both define file size as an unsigned 64-bit type. Thus there\nis a range of valid file size values an NFS client can send that is\nalready larger than Linux can handle.\nCurrently decode_fattr4() dumps a full u64 value into ia_size. If\nthat value happens to be larger than S64_MAX, then ia_size\nunderflows. I'm about to fix up the NFSv3 behavior as well, so let's\ncatch the underflow in the common code path: nfsd_setattr().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-48828" } ], "release_date": "2024-07-16T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2022-48773", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create\n\nIf there are failures then we must not leave the non-NULL pointers with\nthe error value, otherwise `rpcrdma_ep_destroy` gets confused and tries\nfree them, resulting in an Oops.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-48773" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1e7433fb95ccc01629a5edaa4ced0cd8c98d0ae0", "url": "https://git.kernel.org/stable/c/1e7433fb95ccc01629a5edaa4ced0cd8c98d0ae0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2526d4d8b209dc5ac1fbeb468149774888b2a141", "url": "https://git.kernel.org/stable/c/2526d4d8b209dc5ac1fbeb468149774888b2a141" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9921c866dc369577c3ebb9adf2383b01b58c18de", "url": "https://git.kernel.org/stable/c/9921c866dc369577c3ebb9adf2383b01b58c18de" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a9c10b5b3b67b3750a10c8b089b2e05f5e176e33", "url": "https://git.kernel.org/stable/c/a9c10b5b3b67b3750a10c8b089b2e05f5e176e33" } ], "release_date": "2024-07-16T12:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2021-47352", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: Add validation for used length\n\nThis adds validation for used length (might come\nfrom an untrusted device) to avoid data corruption\nor loss.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47352" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c", "url": "https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758", "url": "https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292", "url": "https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c1b40d1959517ff2ea473d40eeab4691d6d62462", "url": "https://git.kernel.org/stable/c/c1b40d1959517ff2ea473d40eeab4691d6d62462" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813", "url": "https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813" } ], "release_date": "2024-05-21T15:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-22005", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().\n\nfib_check_nh_v6_gw() expects that fib6_nh_init() cleans up everything\nwhen it fails.\n\nCommit 7dd73168e273 (\"ipv6: Always allocate pcpu memory in a fib6_nh\")\nmoved fib_nh_common_init() before alloc_percpu_gfp() within fib6_nh_init()\nbut forgot to add cleanup for fib6_nh->nh_common.nhc_pcpu_rth_output in\ncase it fails to allocate fib6_nh->rt6i_pcpu, resulting in memleak.\n\nLet's call fib_nh_common_release() and clear nhc_pcpu_rth_output in the\nerror path.\n\nNote that we can remove the fib6_nh_release() call in nh_create_ipv6()\nlater in net-next.git.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22005" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/119dcafe36795a15ae53351cbbd6177aaf94ffef", "url": "https://git.kernel.org/stable/c/119dcafe36795a15ae53351cbbd6177aaf94ffef" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/16267a5036173d0173377545b4b6021b081d0933", "url": "https://git.kernel.org/stable/c/16267a5036173d0173377545b4b6021b081d0933" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1bd12dfc058e1e68759d313d7727d68dbc1b8964", "url": "https://git.kernel.org/stable/c/1bd12dfc058e1e68759d313d7727d68dbc1b8964" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/29d91820184d5cbc70f3246d4911d96eaeb930d6", "url": "https://git.kernel.org/stable/c/29d91820184d5cbc70f3246d4911d96eaeb930d6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/596a883c4ce2d2e9c175f25b98fed3a1f33fea38", "url": "https://git.kernel.org/stable/c/596a883c4ce2d2e9c175f25b98fed3a1f33fea38" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/77c41cdbe6bce476e08d3251c0d501feaf10a9f3", "url": "https://git.kernel.org/stable/c/77c41cdbe6bce476e08d3251c0d501feaf10a9f3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9740890ee20e01f99ff1dde84c63dcf089fabb98", "url": "https://git.kernel.org/stable/c/9740890ee20e01f99ff1dde84c63dcf089fabb98" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d3d5b4b5ae263c3225db363ba08b937e2e2b0380", "url": "https://git.kernel.org/stable/c/d3d5b4b5ae263c3225db363ba08b937e2e2b0380" } ], "release_date": "2025-04-03T08:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-46855", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_socket: fix sk refcount leaks\n\nWe must put 'sk' reference before returning.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-46855" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/076d281e90aaf4192799ecb9a1ed82321e133ecd", "url": "https://git.kernel.org/stable/c/076d281e90aaf4192799ecb9a1ed82321e133ecd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1f68e097e20d3c695281a9c6433acc37be47fe11", "url": "https://git.kernel.org/stable/c/1f68e097e20d3c695281a9c6433acc37be47fe11" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/33c2258bf8cb17fba9e58b111d4c4f4cf43a4896", "url": "https://git.kernel.org/stable/c/33c2258bf8cb17fba9e58b111d4c4f4cf43a4896" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6572440f78b724c46070841a68254ebc534cde24", "url": "https://git.kernel.org/stable/c/6572440f78b724c46070841a68254ebc534cde24" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/83e6fb59040e8964888afcaa5612cc1243736715", "url": "https://git.kernel.org/stable/c/83e6fb59040e8964888afcaa5612cc1243736715" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8b26ff7af8c32cb4148b3e147c52f9e4c695209c", "url": "https://git.kernel.org/stable/c/8b26ff7af8c32cb4148b3e147c52f9e4c695209c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ddc7c423c4a5386bf865474c694b48178efd311a", "url": "https://git.kernel.org/stable/c/ddc7c423c4a5386bf865474c694b48178efd311a" } ], "release_date": "2024-09-27T13:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-37803", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nudmabuf: fix a buf size overflow issue during udmabuf creation\n\nby casting size_limit_mb to u64 when calculate pglimit.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37803" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/021ba7f1babd029e714d13a6bf2571b08af96d0f", "url": "https://git.kernel.org/stable/c/021ba7f1babd029e714d13a6bf2571b08af96d0f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/13fe12c037b470321436deec393030c6153cfeb9", "url": "https://git.kernel.org/stable/c/13fe12c037b470321436deec393030c6153cfeb9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2b8419c6ecf69007dcff54ea0b9f0b215282c55a", "url": "https://git.kernel.org/stable/c/2b8419c6ecf69007dcff54ea0b9f0b215282c55a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/373512760e13fdaa726faa9502d0f5be2abb3d33", "url": "https://git.kernel.org/stable/c/373512760e13fdaa726faa9502d0f5be2abb3d33" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3f6c9d66e0f8eb9679b57913aa64b4d2266f6fbe", "url": "https://git.kernel.org/stable/c/3f6c9d66e0f8eb9679b57913aa64b4d2266f6fbe" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b2ff4e9c599b000833d16a917f519aa2e4a75de2", "url": "https://git.kernel.org/stable/c/b2ff4e9c599b000833d16a917f519aa2e4a75de2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e84a08fc7e25cdad5d9a3def42cc770ff711193f", "url": "https://git.kernel.org/stable/c/e84a08fc7e25cdad5d9a3def42cc770ff711193f" } ], "release_date": "2025-05-08T07:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37785", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix OOB read when checking dotdot dir\n\nMounting a corrupted filesystem with directory which contains '.' dir\nentry with rec_len == block size results in out-of-bounds read (later\non, when the corrupted directory is removed).\n\next4_empty_dir() assumes every ext4 directory contains at least '.'\nand '..' as directory entries in the first data block. It first loads\nthe '.' dir entry, performs sanity checks by calling ext4_check_dir_entry()\nand then uses its rec_len member to compute the location of '..' dir\nentry (in ext4_next_entry). It assumes the '..' dir entry fits into the\nsame data block.\n\nIf the rec_len of '.' is precisely one block (4KB), it slips through the\nsanity checks (it is considered the last directory entry in the data\nblock) and leaves \"struct ext4_dir_entry_2 *de\" point exactly past the\nmemory slot allocated to the data block. The following call to\next4_check_dir_entry() on new value of de then dereferences this pointer\nwhich results in out-of-bounds mem access.\n\nFix this by extending __ext4_check_dir_entry() to check for '.' dir\nentries that reach the end of data block. Make sure to ignore the phony\ndir entries for checksum (by checking name_len for non-zero).\n\nNote: This is reported by KASAN as use-after-free in case another\nstructure was recently freed from the slot past the bound, but it is\nreally an OOB read.\n\nThis issue was found by syzkaller tool.\n\nCall Trace:\n[ 38.594108] BUG: KASAN: slab-use-after-free in __ext4_check_dir_entry+0x67e/0x710\n[ 38.594649] Read of size 2 at addr ffff88802b41a004 by task syz-executor/5375\n[ 38.595158]\n[ 38.595288] CPU: 0 UID: 0 PID: 5375 Comm: syz-executor Not tainted 6.14.0-rc7 #1\n[ 38.595298] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[ 38.595304] Call Trace:\n[ 38.595308] \n[ 38.595311] dump_stack_lvl+0xa7/0xd0\n[ 38.595325] print_address_description.constprop.0+0x2c/0x3f0\n[ 38.595339] ? __ext4_check_dir_entry+0x67e/0x710\n[ 38.595349] print_report+0xaa/0x250\n[ 38.595359] ? __ext4_check_dir_entry+0x67e/0x710\n[ 38.595368] ? kasan_addr_to_slab+0x9/0x90\n[ 38.595378] kasan_report+0xab/0xe0\n[ 38.595389] ? __ext4_check_dir_entry+0x67e/0x710\n[ 38.595400] __ext4_check_dir_entry+0x67e/0x710\n[ 38.595410] ext4_empty_dir+0x465/0x990\n[ 38.595421] ? __pfx_ext4_empty_dir+0x10/0x10\n[ 38.595432] ext4_rmdir.part.0+0x29a/0xd10\n[ 38.595441] ? __dquot_initialize+0x2a7/0xbf0\n[ 38.595455] ? __pfx_ext4_rmdir.part.0+0x10/0x10\n[ 38.595464] ? __pfx___dquot_initialize+0x10/0x10\n[ 38.595478] ? down_write+0xdb/0x140\n[ 38.595487] ? __pfx_down_write+0x10/0x10\n[ 38.595497] ext4_rmdir+0xee/0x140\n[ 38.595506] vfs_rmdir+0x209/0x670\n[ 38.595517] ? lookup_one_qstr_excl+0x3b/0x190\n[ 38.595529] do_rmdir+0x363/0x3c0\n[ 38.595537] ? __pfx_do_rmdir+0x10/0x10\n[ 38.595544] ? strncpy_from_user+0x1ff/0x2e0\n[ 38.595561] __x64_sys_unlinkat+0xf0/0x130\n[ 38.595570] do_syscall_64+0x5b/0x180\n[ 38.595583] entry_SYSCALL_64_after_hwframe+0x76/0x7e", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37785" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/14da7dbecb430e35b5889da8dae7bef33173b351", "url": "https://git.kernel.org/stable/c/14da7dbecb430e35b5889da8dae7bef33173b351" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/52a5509ab19a5d3afe301165d9b5787bba34d842", "url": "https://git.kernel.org/stable/c/52a5509ab19a5d3afe301165d9b5787bba34d842" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/53bc45da8d8da92ec07877f5922b130562eb4b00", "url": "https://git.kernel.org/stable/c/53bc45da8d8da92ec07877f5922b130562eb4b00" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/89503e5eae64637d0fa2218912b54660effe7d93", "url": "https://git.kernel.org/stable/c/89503e5eae64637d0fa2218912b54660effe7d93" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ac28c5684c1cdab650a7e5065b19e91577d37a4b", "url": "https://git.kernel.org/stable/c/ac28c5684c1cdab650a7e5065b19e91577d37a4b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b47584c556444cf7acb66b26a62cbc348eb92b78", "url": "https://git.kernel.org/stable/c/b47584c556444cf7acb66b26a62cbc348eb92b78" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b7531a4f99c3887439d778afaf418d1a01a5f01b", "url": "https://git.kernel.org/stable/c/b7531a4f99c3887439d778afaf418d1a01a5f01b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d5e206778e96e8667d3bde695ad372c296dc9353", "url": "https://git.kernel.org/stable/c/d5e206778e96e8667d3bde695ad372c296dc9353" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e47f472a664d70a3d104a6c2a035cdff55a719b4", "url": "https://git.kernel.org/stable/c/e47f472a664d70a3d104a6c2a035cdff55a719b4" } ], "release_date": "2025-04-18T07:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-22063", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets\n\nWhen calling netlbl_conn_setattr(), addr->sa_family is used\nto determine the function behavior. If sk is an IPv4 socket,\nbut the connect function is called with an IPv6 address,\nthe function calipso_sock_setattr() is triggered.\nInside this function, the following code is executed:\n\nsk_fullsock(__sk) ? inet_sk(__sk)->pinet6 : NULL;\n\nSince sk is an IPv4 socket, pinet6 is NULL, leading to a\nnull pointer dereference.\n\nThis patch fixes the issue by checking if inet6_sk(sk)\nreturns a NULL pointer before accessing pinet6.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22063" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/078aabd567de3d63d37d7673f714e309d369e6e2", "url": "https://git.kernel.org/stable/c/078aabd567de3d63d37d7673f714e309d369e6e2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/172a8a996a337206970467e871dd995ac07640b1", "url": "https://git.kernel.org/stable/c/172a8a996a337206970467e871dd995ac07640b1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1927d0bcd5b81e80971bf6b8eba267508bd1c78b", "url": "https://git.kernel.org/stable/c/1927d0bcd5b81e80971bf6b8eba267508bd1c78b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1ad9166cab6a0f5c0b10344a97bdf749ae11dcbf", "url": "https://git.kernel.org/stable/c/1ad9166cab6a0f5c0b10344a97bdf749ae11dcbf" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1e38f7a6cdd68377f8a4189b2fbaec14a6dd5152", "url": "https://git.kernel.org/stable/c/1e38f7a6cdd68377f8a4189b2fbaec14a6dd5152" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3ba9cf69de50e8abed32b448616c313baa4c5712", "url": "https://git.kernel.org/stable/c/3ba9cf69de50e8abed32b448616c313baa4c5712" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/797e5371cf55463b4530bab3fef5f27f7c6657a8", "url": "https://git.kernel.org/stable/c/797e5371cf55463b4530bab3fef5f27f7c6657a8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9fe3839588db7519030377b7dee3f165e654f6c5", "url": "https://git.kernel.org/stable/c/9fe3839588db7519030377b7dee3f165e654f6c5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a7e89541d05b98c79a51c0f95df020f8e82b62ed", "url": "https://git.kernel.org/stable/c/a7e89541d05b98c79a51c0f95df020f8e82b62ed" } ], "release_date": "2025-04-16T15:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-22018", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: Fix NULL pointer dereference\n\nWhen MPOA_cache_impos_rcvd() receives the msg, it can trigger\nNull Pointer Dereference Vulnerability if both entry and\nholding_time are NULL. Because there is only for the situation\nwhere entry is NULL and holding_time exists, it can be passed\nwhen both entry and holding_time are NULL. If these are NULL,\nthe entry will be passd to eg_cache_put() as parameter and\nit is referenced by entry->use code in it.\n\nkasan log:\n\n[ 3.316691] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006:I\n[ 3.317568] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037]\n[ 3.318188] CPU: 3 UID: 0 PID: 79 Comm: ex Not tainted 6.14.0-rc2 #102\n[ 3.318601] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n[ 3.319298] RIP: 0010:eg_cache_remove_entry+0xa5/0x470\n[ 3.319677] Code: c1 f7 6e fd 48 c7 c7 00 7e 38 b2 e8 95 64 54 fd 48 c7 c7 40 7e 38 b2 48 89 ee e80\n[ 3.321220] RSP: 0018:ffff88800583f8a8 EFLAGS: 00010006\n[ 3.321596] RAX: 0000000000000006 RBX: ffff888005989000 RCX: ffffffffaecc2d8e\n[ 3.322112] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000030\n[ 3.322643] RBP: 0000000000000000 R08: 0000000000000000 R09: fffffbfff6558b88\n[ 3.323181] R10: 0000000000000003 R11: 203a207972746e65 R12: 1ffff11000b07f15\n[ 3.323707] R13: dffffc0000000000 R14: ffff888005989000 R15: ffff888005989068\n[ 3.324185] FS: 000000001b6313c0(0000) GS:ffff88806d380000(0000) knlGS:0000000000000000\n[ 3.325042] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 3.325545] CR2: 00000000004b4b40 CR3: 000000000248e000 CR4: 00000000000006f0\n[ 3.326430] Call Trace:\n[ 3.326725] \n[ 3.326927] ? die_addr+0x3c/0xa0\n[ 3.327330] ? exc_general_protection+0x161/0x2a0\n[ 3.327662] ? asm_exc_general_protection+0x26/0x30\n[ 3.328214] ? vprintk_emit+0x15e/0x420\n[ 3.328543] ? eg_cache_remove_entry+0xa5/0x470\n[ 3.328910] ? eg_cache_remove_entry+0x9a/0x470\n[ 3.329294] ? __pfx_eg_cache_remove_entry+0x10/0x10\n[ 3.329664] ? console_unlock+0x107/0x1d0\n[ 3.329946] ? __pfx_console_unlock+0x10/0x10\n[ 3.330283] ? do_syscall_64+0xa6/0x1a0\n[ 3.330584] ? entry_SYSCALL_64_after_hwframe+0x47/0x7f\n[ 3.331090] ? __pfx_prb_read_valid+0x10/0x10\n[ 3.331395] ? down_trylock+0x52/0x80\n[ 3.331703] ? vprintk_emit+0x15e/0x420\n[ 3.331986] ? __pfx_vprintk_emit+0x10/0x10\n[ 3.332279] ? down_trylock+0x52/0x80\n[ 3.332527] ? _printk+0xbf/0x100\n[ 3.332762] ? __pfx__printk+0x10/0x10\n[ 3.333007] ? _raw_write_lock_irq+0x81/0xe0\n[ 3.333284] ? __pfx__raw_write_lock_irq+0x10/0x10\n[ 3.333614] msg_from_mpoad+0x1185/0x2750\n[ 3.333893] ? __build_skb_around+0x27b/0x3a0\n[ 3.334183] ? __pfx_msg_from_mpoad+0x10/0x10\n[ 3.334501] ? __alloc_skb+0x1c0/0x310\n[ 3.334809] ? __pfx___alloc_skb+0x10/0x10\n[ 3.335283] ? _raw_spin_lock+0xe0/0xe0\n[ 3.335632] ? finish_wait+0x8d/0x1e0\n[ 3.335975] vcc_sendmsg+0x684/0xba0\n[ 3.336250] ? __pfx_vcc_sendmsg+0x10/0x10\n[ 3.336587] ? __pfx_autoremove_wake_function+0x10/0x10\n[ 3.337056] ? fdget+0x176/0x3e0\n[ 3.337348] __sys_sendto+0x4a2/0x510\n[ 3.337663] ? __pfx___sys_sendto+0x10/0x10\n[ 3.337969] ? ioctl_has_perm.constprop.0.isra.0+0x284/0x400\n[ 3.338364] ? sock_ioctl+0x1bb/0x5a0\n[ 3.338653] ? __rseq_handle_notify_resume+0x825/0xd20\n[ 3.339017] ? __pfx_sock_ioctl+0x10/0x10\n[ 3.339316] ? __pfx___rseq_handle_notify_resume+0x10/0x10\n[ 3.339727] ? selinux_file_ioctl+0xa4/0x260\n[ 3.340166] __x64_sys_sendto+0xe0/0x1c0\n[ 3.340526] ? syscall_exit_to_user_mode+0x123/0x140\n[ 3.340898] do_syscall_64+0xa6/0x1a0\n[ 3.341170] entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[ 3.341533] RIP: 0033:0x44a380\n[ 3.341757] Code: 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 41 89 ca 64 8b 04 25 18 00 00 00 85 c00\n[ \n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22018" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/09691f367df44fe93255274d80a439f9bb3263fc", "url": "https://git.kernel.org/stable/c/09691f367df44fe93255274d80a439f9bb3263fc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0ef6e49881b6b50ac454cb9d6501d009fdceb6fc", "url": "https://git.kernel.org/stable/c/0ef6e49881b6b50ac454cb9d6501d009fdceb6fc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/14c7aca5ba2740973de27c1bb8df77b4dcb6f775", "url": "https://git.kernel.org/stable/c/14c7aca5ba2740973de27c1bb8df77b4dcb6f775" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1505f9b720656b17865e4166ab002960162bf679", "url": "https://git.kernel.org/stable/c/1505f9b720656b17865e4166ab002960162bf679" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3c23bb2c894e9ef2727682f98c341b20f78c9013", "url": "https://git.kernel.org/stable/c/3c23bb2c894e9ef2727682f98c341b20f78c9013" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9da6b6340dbcf0f60ae3ec6a7d6438337c32518a", "url": "https://git.kernel.org/stable/c/9da6b6340dbcf0f60ae3ec6a7d6438337c32518a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ab92f51c7f53a08f1a686bfb80690ebb3672357d", "url": "https://git.kernel.org/stable/c/ab92f51c7f53a08f1a686bfb80690ebb3672357d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bf2986fcf82a449441f9ee4335df19be19e83970", "url": "https://git.kernel.org/stable/c/bf2986fcf82a449441f9ee4335df19be19e83970" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d7f1e4a53a51cc6ba833afcb40439f18dab61c1f", "url": "https://git.kernel.org/stable/c/d7f1e4a53a51cc6ba833afcb40439f18dab61c1f" } ], "release_date": "2025-04-16T05:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-22020", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\nRead of size 8 at addr ffff888136335380 by task kworker/6:0/140241\n\nCPU: 6 UID: 0 PID: 140241 Comm: kworker/6:0 Kdump: loaded Tainted: G E 6.14.0-rc6+ #1\nTainted: [E]=UNSIGNED_MODULE\nHardware name: LENOVO 30FNA1V7CW/1057, BIOS S0EKT54A 07/01/2024\nWorkqueue: events rtsx_usb_ms_poll_card [rtsx_usb_ms]\nCall Trace:\n \n dump_stack_lvl+0x51/0x70\n print_address_description.constprop.0+0x27/0x320\n ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n print_report+0x3e/0x70\n kasan_report+0xab/0xe0\n ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n ? __pfx_rtsx_usb_ms_poll_card+0x10/0x10 [rtsx_usb_ms]\n ? __pfx___schedule+0x10/0x10\n ? kick_pool+0x3b/0x270\n process_one_work+0x357/0x660\n worker_thread+0x390/0x4c0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x190/0x1d0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \n\nAllocated by task 161446:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0x7b/0x90\n __kmalloc_noprof+0x1a7/0x470\n memstick_alloc_host+0x1f/0xe0 [memstick]\n rtsx_usb_ms_drv_probe+0x47/0x320 [rtsx_usb_ms]\n platform_probe+0x60/0xe0\n call_driver_probe+0x35/0x120\n really_probe+0x123/0x410\n __driver_probe_device+0xc7/0x1e0\n driver_probe_device+0x49/0xf0\n __device_attach_driver+0xc6/0x160\n bus_for_each_drv+0xe4/0x160\n __device_attach+0x13a/0x2b0\n bus_probe_device+0xbd/0xd0\n device_add+0x4a5/0x760\n platform_device_add+0x189/0x370\n mfd_add_device+0x587/0x5e0\n mfd_add_devices+0xb1/0x130\n rtsx_usb_probe+0x28e/0x2e0 [rtsx_usb]\n usb_probe_interface+0x15c/0x460\n call_driver_probe+0x35/0x120\n really_probe+0x123/0x410\n __driver_probe_device+0xc7/0x1e0\n driver_probe_device+0x49/0xf0\n __device_attach_driver+0xc6/0x160\n bus_for_each_drv+0xe4/0x160\n __device_attach+0x13a/0x2b0\n rebind_marked_interfaces.isra.0+0xcc/0x110\n usb_reset_device+0x352/0x410\n usbdev_do_ioctl+0xe5c/0x1860\n usbdev_ioctl+0xa/0x20\n __x64_sys_ioctl+0xc5/0xf0\n do_syscall_64+0x59/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 161506:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x36/0x60\n __kasan_slab_free+0x34/0x50\n kfree+0x1fd/0x3b0\n device_release+0x56/0xf0\n kobject_cleanup+0x73/0x1c0\n rtsx_usb_ms_drv_remove+0x13d/0x220 [rtsx_usb_ms]\n platform_remove+0x2f/0x50\n device_release_driver_internal+0x24b/0x2e0\n bus_remove_device+0x124/0x1d0\n device_del+0x239/0x530\n platform_device_del.part.0+0x19/0xe0\n platform_device_unregister+0x1c/0x40\n mfd_remove_devices_fn+0x167/0x170\n device_for_each_child_reverse+0xc9/0x130\n mfd_remove_devices+0x6e/0xa0\n rtsx_usb_disconnect+0x2e/0xd0 [rtsx_usb]\n usb_unbind_interface+0xf3/0x3f0\n device_release_driver_internal+0x24b/0x2e0\n proc_disconnect_claim+0x13d/0x220\n usbdev_do_ioctl+0xb5e/0x1860\n usbdev_ioctl+0xa/0x20\n __x64_sys_ioctl+0xc5/0xf0\n do_syscall_64+0x59/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x20/0x40\n kasan_record_aux_stack+0x85/0x90\n insert_work+0x29/0x100\n __queue_work+0x34a/0x540\n call_timer_fn+0x2a/0x160\n expire_timers+0x5f/0x1f0\n __run_timer_base.part.0+0x1b6/0x1e0\n run_timer_softirq+0x8b/0xe0\n handle_softirqs+0xf9/0x360\n __irq_exit_rcu+0x114/0x130\n sysvec_apic_timer_interrupt+0x72/0x90\n asm_sysvec_apic_timer_interrupt+0x16/0x20\n\nSecond to last potentially related work creation:\n kasan_save_stack+0x20/0x40\n kasan_record_aux_stack+0x85/0x90\n insert_work+0x29/0x100\n __queue_work+0x34a/0x540\n call_timer_fn+0x2a/0x160\n expire_timers+0x5f/0x1f0\n __run_timer_base.part.0+0x1b6/0x1e0\n run_timer_softirq+0x8b/0xe0\n handle_softirqs+0xf9/0x\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22020" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0067cb7d7e7c277e91a0887a3c24e71462379469", "url": "https://git.kernel.org/stable/c/0067cb7d7e7c277e91a0887a3c24e71462379469" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/31f0eaed6914333f42501fc7e0f6830879f5ef2d", "url": "https://git.kernel.org/stable/c/31f0eaed6914333f42501fc7e0f6830879f5ef2d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4676741a3464b300b486e70585c3c9b692be1632", "url": "https://git.kernel.org/stable/c/4676741a3464b300b486e70585c3c9b692be1632" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/52d942a5302eefb3b7a3bfee310a5a33feeedc21", "url": "https://git.kernel.org/stable/c/52d942a5302eefb3b7a3bfee310a5a33feeedc21" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6186fb2cd36317277a8423687982140a7f3f7841", "url": "https://git.kernel.org/stable/c/6186fb2cd36317277a8423687982140a7f3f7841" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/75123adf204f997e11bbddee48408c284f51c050", "url": "https://git.kernel.org/stable/c/75123adf204f997e11bbddee48408c284f51c050" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/914c5e5bfceb9878f3056eaf4d1c88f2cbe0a185", "url": "https://git.kernel.org/stable/c/914c5e5bfceb9878f3056eaf4d1c88f2cbe0a185" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9dfaf4d723c62bda8d9d1340e2e78acf0c190439", "url": "https://git.kernel.org/stable/c/9dfaf4d723c62bda8d9d1340e2e78acf0c190439" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b094e8e3988e02e8cef7a756c8d2cea9c12509ab", "url": "https://git.kernel.org/stable/c/b094e8e3988e02e8cef7a756c8d2cea9c12509ab" } ], "release_date": "2025-04-16T11:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-23136", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: int340x: Add NULL check for adev\n\nNot all devices have an ACPI companion fwnode, so adev might be NULL.\nThis is similar to the commit cd2fd6eab480\n(\"platform/x86: int3472: Check for adev == NULL\").\n\nAdd a check for adev not being set and return -ENODEV in that case to\navoid a possible NULL pointer deref in int3402_thermal_probe().\n\nNote, under the same directory, int3400_thermal_probe() has such a\ncheck.\n\n[ rjw: Subject edit, added Fixes: ]", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-23136" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0c49f12c77b77a706fd41370c11910635e491845", "url": "https://git.kernel.org/stable/c/0c49f12c77b77a706fd41370c11910635e491845" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2542a3f70e563a9e70e7ded314286535a3321bdb", "url": "https://git.kernel.org/stable/c/2542a3f70e563a9e70e7ded314286535a3321bdb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3155d5261b518776d1b807d9d922669991bbee56", "url": "https://git.kernel.org/stable/c/3155d5261b518776d1b807d9d922669991bbee56" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6a810c462f099353e908c70619638884cb82229c", "url": "https://git.kernel.org/stable/c/6a810c462f099353e908c70619638884cb82229c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8e8f1ddf4186731649df8bc9646017369eb19186", "url": "https://git.kernel.org/stable/c/8e8f1ddf4186731649df8bc9646017369eb19186" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/953d28a4f459fcbde2d08f51aeca19d6b0f179f3", "url": "https://git.kernel.org/stable/c/953d28a4f459fcbde2d08f51aeca19d6b0f179f3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ac2eb7378319e3836cdf3a2c15a0bdf04c50e81d", "url": "https://git.kernel.org/stable/c/ac2eb7378319e3836cdf3a2c15a0bdf04c50e81d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bc7b5f782d28942dbdfda70df30ce132694a06de", "url": "https://git.kernel.org/stable/c/bc7b5f782d28942dbdfda70df30ce132694a06de" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d0d21c8e44216fa9afdb3809edf213f3c0a8c060", "url": "https://git.kernel.org/stable/c/d0d21c8e44216fa9afdb3809edf213f3c0a8c060" } ], "release_date": "2025-04-16T15:16:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] } ] }