{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "ASoC: topology: Clean up route loading {CVE-2024-41069}\n- ASoC: topology: Fix references to freed memory {CVE-2024-41069}\n- drm/dp_mst: Fix MST sideband message body length check {CVE-2024-56616}\n- Bluetooth: L2CAP: Fix not validating setsockopt user input {CVE-2024-35965}\n- Bluetooth: L2CAP: uninitialized variables in l2cap_sock_setsockopt() {CVE-2024-35965}\n- usb: cdc-acm: Check control transfer buffer size before access {CVE-2025-21704}\n- igb: Fix potential invalid memory access in igb_init_module() {CVE-2024-52332}\n- vfio/pci: Properly hide first-in-list PCIe extended capability {CVE-2024-53214}\n- Bluetooth: RFCOMM: Fix not validating setsockopt user input {CVE-2024-35966}\n- Bluetooth: SCO: Fix not validating setsockopt user input {CVE-2024-35966}\n- media: stk1160: fix bounds checking in stk1160_copy_video() {CVE-2024-38621}\n- net/sched: Always pass notifications when child class becomes empty {CVE-2025-38350}\n- sch_htb: make htb_qlen_notify() idempotent {CVE-2025-37932}\n- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() {CVE-2025-37798}\n- sch_qfq: make qfq_qlen_notify() idempotent {CVE-2025-38350}\n- sch_drr: make drr_qlen_notify() idempotent {CVE-2025-38350}\n- sch_htb: make htb_deactivate() idempotent {CVE-2025-38350}\n- sch_cbq: make cbq_qlen_notify() idempotent {CVE-2025-38000}\n- inet: fully convert sk->sk_rx_dst to RCU rules {CVE-2021-47103}\n- scsi: mpt3sas: Fix use-after-free warning {CVE-2022-48695}\n- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory {CVE-2024-40901}\n- vmci: prevent speculation leaks by sanitizing event in event_deliver() {CVE-2024-39499}\n- USB: core: Fix hang in usb_kill_urb by adding memory barriers {CVE-2022-48760}\n- nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells {CVE-2021-47497}\n- virtio-net: Add validation for used length {CVE-2021-47352}\n- watchdog: Fix possible use-after-free by calling del_timer_sync() {CVE-2021-47321}\n- scsi: qedi: Fix crash while reading debugfs attribute {CVE-2024-40978}\n- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids {CVE-2024-40929}\n- wifi: iwlwifi: mvm: guard against invalid STA ID on removal {CVE-2024-36921}\n- mac802154: fix llsec key resources release in mac802154_llsec_key_del {CVE-2024-26961}\n- platform/x86: wmi: Fix opening of char device {CVE-2023-52864}\n- media: gspca: cpia1: shift-out-of-bounds in set_flicker {CVE-2023-52764}\n- wifi: mac80211: fix potential key use-after-free {CVE-2023-52530}\n- net: fix information leakage in /proc/net/ptype {CVE-2022-48757}\n- crypto: qat - resolve race condition during AER recovery {CVE-2024-26974}\n- perf/core: Bail out early if the request AUX area is out of bound {CVE-2023-52835}\n- net: ti: fix UAF in tlan_remove_one {CVE-2021-47310}\n- wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() {CVE-2023-52594}\n- net: bridge: use DEV_STATS_INC() {CVE-2023-52578}\n- net: add atomic_long_t to net_device_stats fields {CVE-2023-52578}\n- media: dvb-core: Fix use-after-free due to race at dvb_register_device() {CVE-2022-45884}\n- media: dvb-core: Fix use-after-free on race condition at dvb_frontend {CVE-2022-45885}\n- xen/gntalloc: don't use gnttab_query_foreign_access() {CVE-2022-23039}\n- xen/netfront: don't use gnttab_query_foreign_access() for mapped status {CVE-2022-23037}\n- xen/grant-table: add gnttab_try_end_foreign_access() {CVE-2022-23038}\n- ovl: fail on invalid uid/gid mapping at copy up {CVE-2023-0386}\n- ALSA: oss: Fix PCM OSS buffer allocation overflow {CVE-2022-49292}\n- gfs2: Fix length of holes reported at end-of-file\n- gfs2: Only do glock put in gfs2_create_inode for free inodes\n- gfs2: Fix use-after-free in gfs2_logd after withdraw\n- gfs2: fix use-after-free in trans_drain\n- gfs2: Clean up revokes on normal withdraws\n- GFS2: gfs2_free_extlen can return an extent that is too long\n- gfs2: Wipe jdata and ail1 in gfs2_journal_wipe, formerly gfs2_meta_wipe\n- GFS2: Refactor gfs2_remove_from_journal\n- GFS2: Only set PageChecked for jdata pages\n- gfs2: keep bios separate for each journal\n- gfs2: Remove active journal side effect from gfs2_write_log_header\n- gfs2: clean_journal improperly set sd_log_flush_head\n- partial \"GFS2: Introduce new gfs2_log_header_v2\"\n- gfs2: change from write to read lock for sd_log_flush_lock in journal replay\n- GFS2: Reduce code redundancy writing log headers\n- gfs2: Grab glock reference sooner in gfs2_add_revoke\n- gfs2: fix glock reference problem in gfs2_trans_remove_revoke\n- gfs2: Fix occasional glock use-after-free\n- gfs2: Make sure we don't miss any delayed withdraws\n- gfs2: Fix bad comment for trans_drain\n- gfs2: add some much needed cleanup for log flushes that fail\n- gfs2: fix trans slab error when withdraw occurs inside log_flush\n- gfs2: initialize transaction tr_ailX_lists earlier\n- GFS2: Remove extra \"if\" in gfs2_log_flush()\n- gfs2: fix use-after-free on transaction ail lists\n- gfs2: Trim the ordered write list in gfs2_ordered_write()\n- GFS2: Clean up releasepage\n- gfs2: Only set PageChecked if we have a transaction\n- gfs2: Fix case in which ail writes are done to jdata holes\n- gfs2: simplify gfs2_block_map\n- gfs2: Remove unused gfs2_iomap_alloc argument\n- gfs2: Be more careful with the quota sync generation\n- gfs2: Get rid of some unnecessary quota locking\n- gfs2: Add some missing quota locking\n- gfs2: Fold qd_fish into gfs2_quota_sync\n- gfs2: quota need_sync cleanup\n- gfs2: Fix and clean up function do_qc\n- gfs2: Revert \"Add quota_change type\"\n- gfs2: Revert \"ignore negated quota changes\"\n- gfs2: qd_check_sync cleanups\n- gfs2: Check quota consistency on mount\n- gfs2: Minor gfs2_quota_init error path cleanup\n- gfs2: fix kernel BUG in gfs2_quota_cleanup\n- gfs2: Clean up quota.c:print_message\n- gfs2: Clean up gfs2_alloc_parms initializers\n- gfs2: Two quota=account mode fixes\n- gfs2: Remove useless assignment\n- gfs2: simplify slot_get\n- gfs2: Simplify qd2offset\n- gfs2: Remove quota allocation info from quota file\n- gfs2: use constant for array size\n- gfs2: Set qd_sync_gen in do_sync\n- gfs2: Remove useless err set\n- gfs2: Small gfs2_quota_lock cleanup\n- gfs2: move qdsb_put and reduce redundancy\n- gfs2: Don't try to sync non-changes\n- gfs2: Simplify function need_sync\n- gfs2: remove unneeded pg_oflow variable\n- gfs2: remove unneeded variable done\n- gfs2: pass sdp to gfs2_write_buf_to_page\n- gfs2: pass sdp in to gfs2_write_disk_quota\n- gfs2: Pass sdp to gfs2_adjust_quota\n- gfs2: remove dead code for quota writes\n- gfs2: Use qd_sbd more consequently\n- gfs2: replace 'found' with dedicated list iterator variable\n- gfs2: Some whitespace cleanups\n- gfs2: Fix gfs2_qa_get imbalance in gfs2_quota_hold", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/oraclelinux7els/advisories/2025/clsa-2025_1759431869.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1759431869", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1759431869" } ], "tracking": { "current_release_date": "2025-10-02T19:09:41Z", "generator": { "date": "2025-10-02T19:09:41Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1759431869", "initial_release_date": "2025-10-02T19:09:41Z", "revision_history": [ { "date": "2025-10-02T19:09:41Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "kernel: Fix of 40 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Linux 7", "product": { "name": "Oracle Linux 7", "product_id": "Oracle-Linux-7", "product_identification_helper": { "cpe": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Oracle Linux" } ], "category": "vendor", "name": "Oracle Corporation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product": { "name": "perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_id": "perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/perf@3.10.0-1160.119.1.0.5.el7.tuxcare.els25?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product": { "name": "kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_id": "kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug@3.10.0-1160.119.1.0.5.el7.tuxcare.els25?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product": { "name": "kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_id": "kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel@3.10.0-1160.119.1.0.5.el7.tuxcare.els25?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product": { "name": "kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_id": "kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools@3.10.0-1160.119.1.0.5.el7.tuxcare.els25?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product": { "name": "kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_id": "kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-devel@3.10.0-1160.119.1.0.5.el7.tuxcare.els25?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product": { "name": "kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_id": "kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-headers@3.10.0-1160.119.1.0.5.el7.tuxcare.els25?arch=x86_64" } } }, { "category": "product_version", "name": "bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product": { "name": "bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_id": "bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/bpftool@3.10.0-1160.119.1.0.5.el7.tuxcare.els25?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product": { "name": "kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_id": "kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools-libs@3.10.0-1160.119.1.0.5.el7.tuxcare.els25?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product": { "name": "kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_id": "kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug-devel@3.10.0-1160.119.1.0.5.el7.tuxcare.els25?arch=x86_64" } } }, { "category": "product_version", "name": "python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product": { "name": "python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_id": "python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python-perf@3.10.0-1160.119.1.0.5.el7.tuxcare.els25?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product": { "name": "kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_id": "kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools-libs-devel@3.10.0-1160.119.1.0.5.el7.tuxcare.els25?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" }, "product_reference": "perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" }, "product_reference": "kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" }, "product_reference": "kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" }, "product_reference": "kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" }, "product_reference": "kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" }, "product_reference": "kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" }, "product_reference": "bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" }, "product_reference": "kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" }, "product_reference": "kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" }, "product_reference": "python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" }, "product_reference": "kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "relates_to_product_reference": "Oracle-Linux-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-48760", "cwe": { "id": "CWE-667", "name": "Improper Locking" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Fix hang in usb_kill_urb by adding memory barriers\n\nThe syzbot fuzzer has identified a bug in which processes hang waiting\nfor usb_kill_urb() to return. It turns out the issue is not unlinking\nthe URB; that works just fine. Rather, the problem arises when the\nwakeup notification that the URB has completed is not received.\n\nThe reason is memory-access ordering on SMP systems. In outline form,\nusb_kill_urb() and __usb_hcd_giveback_urb() operating concurrently on\ndifferent CPUs perform the following actions:\n\nCPU 0\t\t\t\t\tCPU 1\n----------------------------\t\t---------------------------------\nusb_kill_urb():\t\t\t\t__usb_hcd_giveback_urb():\n ...\t\t\t\t\t ...\n atomic_inc(&urb->reject);\t\t atomic_dec(&urb->use_count);\n ...\t\t\t\t\t ...\n wait_event(usb_kill_urb_queue,\n\tatomic_read(&urb->use_count) == 0);\n\t\t\t\t\t if (atomic_read(&urb->reject))\n\t\t\t\t\t\twake_up(&usb_kill_urb_queue);\n\nConfining your attention to urb->reject and urb->use_count, you can\nsee that the overall pattern of accesses on CPU 0 is:\n\n\twrite urb->reject, then read urb->use_count;\n\nwhereas the overall pattern of accesses on CPU 1 is:\n\n\twrite urb->use_count, then read urb->reject.\n\nThis pattern is referred to in memory-model circles as SB (for \"Store\nBuffering\"), and it is well known that without suitable enforcement of\nthe desired order of accesses -- in the form of memory barriers -- it\nis entirely possible for one or both CPUs to execute their reads ahead\nof their writes. The end result will be that sometimes CPU 0 sees the\nold un-decremented value of urb->use_count while CPU 1 sees the old\nun-incremented value of urb->reject. Consequently CPU 0 ends up on\nthe wait queue and never gets woken up, leading to the observed hang\nin usb_kill_urb().\n\nThe same pattern of accesses occurs in usb_poison_urb() and the\nfailure pathway of usb_hcd_submit_urb().\n\nThe problem is fixed by adding suitable memory barriers. To provide\nproper memory-access ordering in the SB pattern, a full barrier is\nrequired on both CPUs. The atomic_inc() and atomic_dec() accesses\nthemselves don't provide any memory ordering, but since they are\npresent, we can use the optimized smp_mb__after_atomic() memory\nbarrier in the various routines to obtain the desired effect.\n\nThis patch adds the necessary memory barriers.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-48760" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/26fbe9772b8c459687930511444ce443011f86bf", "url": "https://git.kernel.org/stable/c/26fbe9772b8c459687930511444ce443011f86bf" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/546ba238535d925254e0b3f12012a5c55801e2f3", "url": "https://git.kernel.org/stable/c/546ba238535d925254e0b3f12012a5c55801e2f3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5904dfd3ddaff3bf4a41c3baf0a8e8f31ed4599b", "url": "https://git.kernel.org/stable/c/5904dfd3ddaff3bf4a41c3baf0a8e8f31ed4599b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5f138ef224dffd15d5e5c5b095859719e0038427", "url": "https://git.kernel.org/stable/c/5f138ef224dffd15d5e5c5b095859719e0038427" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9340226388c66a7e090ebb00e91ed64a753b6c26", "url": "https://git.kernel.org/stable/c/9340226388c66a7e090ebb00e91ed64a753b6c26" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9c61fce322ac2ef7fecf025285353570d60e41d6", "url": "https://git.kernel.org/stable/c/9c61fce322ac2ef7fecf025285353570d60e41d6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b50f5ca60475710bbc9a3af32fbfc17b1e69c2f0", "url": "https://git.kernel.org/stable/c/b50f5ca60475710bbc9a3af32fbfc17b1e69c2f0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c9a18f7c5b071dce5e6939568829d40994866ab0", "url": "https://git.kernel.org/stable/c/c9a18f7c5b071dce5e6939568829d40994866ab0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e3b131e30e612ff0e32de6c1cb4f69f89db29193", "url": "https://git.kernel.org/stable/c/e3b131e30e612ff0e32de6c1cb4f69f89db29193" } ], "release_date": "2024-06-20T12:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-40978", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedi: Fix crash while reading debugfs attribute\n\nThe qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly\non a __user pointer, which results into the crash.\n\nTo fix this issue, use a small local stack buffer for sprintf() and then\ncall simple_read_from_buffer(), which in turns make the copy_to_user()\ncall.\n\nBUG: unable to handle page fault for address: 00007f4801111000\nPGD 8000000864df6067 P4D 8000000864df6067 PUD 864df7067 PMD 846028067 PTE 0\nOops: 0002 [#1] PREEMPT SMP PTI\nHardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 06/15/2023\nRIP: 0010:memcpy_orig+0xcd/0x130\nRSP: 0018:ffffb7a18c3ffc40 EFLAGS: 00010202\nRAX: 00007f4801111000 RBX: 00007f4801111000 RCX: 000000000000000f\nRDX: 000000000000000f RSI: ffffffffc0bfd7a0 RDI: 00007f4801111000\nRBP: ffffffffc0bfd7a0 R08: 725f746f6e5f6f64 R09: 3d7265766f636572\nR10: ffffb7a18c3ffd08 R11: 0000000000000000 R12: 00007f4881110fff\nR13: 000000007fffffff R14: ffffb7a18c3ffca0 R15: ffffffffc0bfd7af\nFS: 00007f480118a740(0000) GS:ffff98e38af00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f4801111000 CR3: 0000000864b8e001 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \n ? __die_body+0x1a/0x60\n ? page_fault_oops+0x183/0x510\n ? exc_page_fault+0x69/0x150\n ? asm_exc_page_fault+0x22/0x30\n ? memcpy_orig+0xcd/0x130\n vsnprintf+0x102/0x4c0\n sprintf+0x51/0x80\n qedi_dbg_do_not_recover_cmd_read+0x2f/0x50 [qedi 6bcfdeeecdea037da47069eca2ba717c84a77324]\n full_proxy_read+0x50/0x80\n vfs_read+0xa5/0x2e0\n ? folio_add_new_anon_rmap+0x44/0xa0\n ? set_pte_at+0x15/0x30\n ? do_pte_missing+0x426/0x7f0\n ksys_read+0xa5/0xe0\n do_syscall_64+0x58/0x80\n ? __count_memcg_events+0x46/0x90\n ? count_memcg_event_mm+0x3d/0x60\n ? handle_mm_fault+0x196/0x2f0\n ? do_user_addr_fault+0x267/0x890\n ? exc_page_fault+0x69/0x150\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7f4800f20b4d", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-40978" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/144d76a676b630e321556965011b00e2de0b40a7", "url": "https://git.kernel.org/stable/c/144d76a676b630e321556965011b00e2de0b40a7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/21c963de2e86e88f6a8ca556bcebb8e62ab8e901", "url": "https://git.kernel.org/stable/c/21c963de2e86e88f6a8ca556bcebb8e62ab8e901" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/28027ec8e32ecbadcd67623edb290dad61e735b5", "url": "https://git.kernel.org/stable/c/28027ec8e32ecbadcd67623edb290dad61e735b5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/397a8990c377ee4b61d6df768e61dff9e316d46b", "url": "https://git.kernel.org/stable/c/397a8990c377ee4b61d6df768e61dff9e316d46b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/56bec63a7fc87ad50b3373a87517dc9770eef9e0", "url": "https://git.kernel.org/stable/c/56bec63a7fc87ad50b3373a87517dc9770eef9e0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e2f433ea7d0ff77998766a088a287337fb43ad75", "url": "https://git.kernel.org/stable/c/e2f433ea7d0ff77998766a088a287337fb43ad75" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/eaddb86637669f6bad89245ee63f8fb2bfb50241", "url": "https://git.kernel.org/stable/c/eaddb86637669f6bad89245ee63f8fb2bfb50241" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fa85b016a56b9775a3fe41e5d26e666945963b46", "url": "https://git.kernel.org/stable/c/fa85b016a56b9775a3fe41e5d26e666945963b46" } ], "release_date": "2024-07-12T13:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-26961", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmac802154: fix llsec key resources release in mac802154_llsec_key_del\n\nmac802154_llsec_key_del() can free resources of a key directly without\nfollowing the RCU rules for waiting before the end of a grace period. This\nmay lead to use-after-free in case llsec_lookup_key() is traversing the\nlist of keys in parallel with a key deletion:\n\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 4 PID: 16000 at lib/refcount.c:25 refcount_warn_saturate+0x162/0x2a0\nModules linked in:\nCPU: 4 PID: 16000 Comm: wpan-ping Not tainted 6.7.0 #19\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nRIP: 0010:refcount_warn_saturate+0x162/0x2a0\nCall Trace:\n \n llsec_lookup_key.isra.0+0x890/0x9e0\n mac802154_llsec_encrypt+0x30c/0x9c0\n ieee802154_subif_start_xmit+0x24/0x1e0\n dev_hard_start_xmit+0x13e/0x690\n sch_direct_xmit+0x2ae/0xbc0\n __dev_queue_xmit+0x11dd/0x3c20\n dgram_sendmsg+0x90b/0xd60\n __sys_sendto+0x466/0x4c0\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x45/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nAlso, ieee802154_llsec_key_entry structures are not freed by\nmac802154_llsec_key_del():\n\nunreferenced object 0xffff8880613b6980 (size 64):\n comm \"iwpan\", pid 2176, jiffies 4294761134 (age 60.475s)\n hex dump (first 32 bytes):\n 78 0d 8f 18 80 88 ff ff 22 01 00 00 00 00 ad de x.......\".......\n 00 00 00 00 00 00 00 00 03 00 cd ab 00 00 00 00 ................\n backtrace:\n [] __kmem_cache_alloc_node+0x1e2/0x2d0\n [] kmalloc_trace+0x25/0xc0\n [] mac802154_llsec_key_add+0xac9/0xcf0\n [] ieee802154_add_llsec_key+0x5a/0x80\n [] nl802154_add_llsec_key+0x426/0x5b0\n [] genl_family_rcv_msg_doit+0x1fe/0x2f0\n [] genl_rcv_msg+0x531/0x7d0\n [] netlink_rcv_skb+0x169/0x440\n [] genl_rcv+0x28/0x40\n [] netlink_unicast+0x53c/0x820\n [] netlink_sendmsg+0x93b/0xe60\n [] ____sys_sendmsg+0xac5/0xca0\n [] ___sys_sendmsg+0x11d/0x1c0\n [] __sys_sendmsg+0xfa/0x1d0\n [] do_syscall_64+0x45/0xf0\n [] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nHandle the proper resource release in the RCU callback function\nmac802154_llsec_key_del_rcu().\n\nNote that if llsec_lookup_key() finds a key, it gets a refcount via\nllsec_key_get() and locally copies key id from key_entry (which is a\nlist element). So it's safe to call llsec_key_put() and free the list\nentry after the RCU grace period elapses.\n\nFound by Linux Verification Center (linuxtesting.org).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-26961" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/068ab2759bc0b4daf0b964de61b2731449c86531", "url": "https://git.kernel.org/stable/c/068ab2759bc0b4daf0b964de61b2731449c86531" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/20d3e1c8a1847497269f04d874b2a5818ec29e2d", "url": "https://git.kernel.org/stable/c/20d3e1c8a1847497269f04d874b2a5818ec29e2d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/49c8951680d7b76fceaee89dcfbab1363fb24fd1", "url": "https://git.kernel.org/stable/c/49c8951680d7b76fceaee89dcfbab1363fb24fd1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/640297c3e897bd7e1481466a6a5cb9560f1edb88", "url": "https://git.kernel.org/stable/c/640297c3e897bd7e1481466a6a5cb9560f1edb88" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d3d858650933d44ac12c1f31337e7110c2071821", "url": "https://git.kernel.org/stable/c/d3d858650933d44ac12c1f31337e7110c2071821" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/dcd51ab42b7a0431575689c5f74b8b6efd45fc2f", "url": "https://git.kernel.org/stable/c/dcd51ab42b7a0431575689c5f74b8b6efd45fc2f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e8a1e58345cf40b7b272e08ac7b32328b2543e40", "url": "https://git.kernel.org/stable/c/e8a1e58345cf40b7b272e08ac7b32328b2543e40" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "release_date": "2024-05-01T06:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-40929", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: check n_ssids before accessing the ssids\n\nIn some versions of cfg80211, the ssids poinet might be a valid one even\nthough n_ssids is 0. Accessing the pointer in this case will cuase an\nout-of-bound access. Fix this by checking n_ssids first.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-40929" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/29a18d56bd64b95bd10bda4afda512558471382a", "url": "https://git.kernel.org/stable/c/29a18d56bd64b95bd10bda4afda512558471382a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3c4771091ea8016c8601399078916f722dd8833b", "url": "https://git.kernel.org/stable/c/3c4771091ea8016c8601399078916f722dd8833b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/60d62757df30b74bf397a2847a6db7385c6ee281", "url": "https://git.kernel.org/stable/c/60d62757df30b74bf397a2847a6db7385c6ee281" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/62e007bdeb91c6879a4652c3426aef1cd9d2937b", "url": "https://git.kernel.org/stable/c/62e007bdeb91c6879a4652c3426aef1cd9d2937b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9e719ae3abad60e245ce248ba3f08148f375a614", "url": "https://git.kernel.org/stable/c/9e719ae3abad60e245ce248ba3f08148f375a614" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f777792952d03bbaf8329fdfa99393a5a33e2640", "url": "https://git.kernel.org/stable/c/f777792952d03bbaf8329fdfa99393a5a33e2640" } ], "release_date": "2024-07-12T13:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2023-52835", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Bail out early if the request AUX area is out of bound\n\nWhen perf-record with a large AUX area, e.g 4GB, it fails with:\n\n #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1\n failed to mmap with 12 (Cannot allocate memory)\n\nand it reveals a WARNING with __alloc_pages():\n\n\t------------[ cut here ]------------\n\tWARNING: CPU: 44 PID: 17573 at mm/page_alloc.c:5568 __alloc_pages+0x1ec/0x248\n\tCall trace:\n\t __alloc_pages+0x1ec/0x248\n\t __kmalloc_large_node+0xc0/0x1f8\n\t __kmalloc_node+0x134/0x1e8\n\t rb_alloc_aux+0xe0/0x298\n\t perf_mmap+0x440/0x660\n\t mmap_region+0x308/0x8a8\n\t do_mmap+0x3c0/0x528\n\t vm_mmap_pgoff+0xf4/0x1b8\n\t ksys_mmap_pgoff+0x18c/0x218\n\t __arm64_sys_mmap+0x38/0x58\n\t invoke_syscall+0x50/0x128\n\t el0_svc_common.constprop.0+0x58/0x188\n\t do_el0_svc+0x34/0x50\n\t el0_svc+0x34/0x108\n\t el0t_64_sync_handler+0xb8/0xc0\n\t el0t_64_sync+0x1a4/0x1a8\n\n'rb->aux_pages' allocated by kcalloc() is a pointer array which is used to\nmaintains AUX trace pages. The allocated page for this array is physically\ncontiguous (and virtually contiguous) with an order of 0..MAX_ORDER. If the\nsize of pointer array crosses the limitation set by MAX_ORDER, it reveals a\nWARNING.\n\nSo bail out early with -ENOMEM if the request AUX area is out of bound,\ne.g.:\n\n #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1\n failed to mmap with 12 (Cannot allocate memory)", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52835" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1a2a4202c60fcdffbf04f259002ce9bff39edece", "url": "https://git.kernel.org/stable/c/1a2a4202c60fcdffbf04f259002ce9bff39edece" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2424410f94a94d91230ced094062d859714c984a", "url": "https://git.kernel.org/stable/c/2424410f94a94d91230ced094062d859714c984a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2e905e608e38cf7f8dcddcf8a6036e91a78444cb", "url": "https://git.kernel.org/stable/c/2e905e608e38cf7f8dcddcf8a6036e91a78444cb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/54aee5f15b83437f23b2b2469bcf21bdd9823916", "url": "https://git.kernel.org/stable/c/54aee5f15b83437f23b2b2469bcf21bdd9823916" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/788c0b3442ead737008934947730a6d1ff703734", "url": "https://git.kernel.org/stable/c/788c0b3442ead737008934947730a6d1ff703734" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8c504f615d7ed60ae035c51d0c789137ced6797f", "url": "https://git.kernel.org/stable/c/8c504f615d7ed60ae035c51d0c789137ced6797f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9ce4e87a8efd37c85766ec08b15e885cab08553a", "url": "https://git.kernel.org/stable/c/9ce4e87a8efd37c85766ec08b15e885cab08553a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fd0df3f8719201dbe61a4d39083d5aecd705399a", "url": "https://git.kernel.org/stable/c/fd0df3f8719201dbe61a4d39083d5aecd705399a" } ], "release_date": "2024-05-21T16:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2023-52578", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: use DEV_STATS_INC()\n\nsyzbot/KCSAN reported data-races in br_handle_frame_finish() [1]\nThis function can run from multiple cpus without mutual exclusion.\n\nAdopt SMP safe DEV_STATS_INC() to update dev->stats fields.\n\nHandles updates to dev->stats.tx_dropped while we are at it.\n\n[1]\nBUG: KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish\n\nread-write to 0xffff8881374b2178 of 8 bytes by interrupt on cpu 1:\nbr_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189\nbr_nf_hook_thresh+0x1ed/0x220\nbr_nf_pre_routing_finish_ipv6+0x50f/0x540\nNF_HOOK include/linux/netfilter.h:304 [inline]\nbr_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178\nbr_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508\nnf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]\nnf_hook_bridge_pre net/bridge/br_input.c:272 [inline]\nbr_handle_frame+0x4c9/0x940 net/bridge/br_input.c:417\n__netif_receive_skb_core+0xa8a/0x21e0 net/core/dev.c:5417\n__netif_receive_skb_one_core net/core/dev.c:5521 [inline]\n__netif_receive_skb+0x57/0x1b0 net/core/dev.c:5637\nprocess_backlog+0x21f/0x380 net/core/dev.c:5965\n__napi_poll+0x60/0x3b0 net/core/dev.c:6527\nnapi_poll net/core/dev.c:6594 [inline]\nnet_rx_action+0x32b/0x750 net/core/dev.c:6727\n__do_softirq+0xc1/0x265 kernel/softirq.c:553\nrun_ksoftirqd+0x17/0x20 kernel/softirq.c:921\nsmpboot_thread_fn+0x30a/0x4a0 kernel/smpboot.c:164\nkthread+0x1d7/0x210 kernel/kthread.c:388\nret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147\nret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n\nread-write to 0xffff8881374b2178 of 8 bytes by interrupt on cpu 0:\nbr_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189\nbr_nf_hook_thresh+0x1ed/0x220\nbr_nf_pre_routing_finish_ipv6+0x50f/0x540\nNF_HOOK include/linux/netfilter.h:304 [inline]\nbr_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178\nbr_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508\nnf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]\nnf_hook_bridge_pre net/bridge/br_input.c:272 [inline]\nbr_handle_frame+0x4c9/0x940 net/bridge/br_input.c:417\n__netif_receive_skb_core+0xa8a/0x21e0 net/core/dev.c:5417\n__netif_receive_skb_one_core net/core/dev.c:5521 [inline]\n__netif_receive_skb+0x57/0x1b0 net/core/dev.c:5637\nprocess_backlog+0x21f/0x380 net/core/dev.c:5965\n__napi_poll+0x60/0x3b0 net/core/dev.c:6527\nnapi_poll net/core/dev.c:6594 [inline]\nnet_rx_action+0x32b/0x750 net/core/dev.c:6727\n__do_softirq+0xc1/0x265 kernel/softirq.c:553\ndo_softirq+0x5e/0x90 kernel/softirq.c:454\n__local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381\n__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]\n_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210\nspin_unlock_bh include/linux/spinlock.h:396 [inline]\nbatadv_tt_local_purge+0x1a8/0x1f0 net/batman-adv/translation-table.c:1356\nbatadv_tt_purge+0x2b/0x630 net/batman-adv/translation-table.c:3560\nprocess_one_work kernel/workqueue.c:2630 [inline]\nprocess_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2703\nworker_thread+0x525/0x730 kernel/workqueue.c:2784\nkthread+0x1d7/0x210 kernel/kthread.c:388\nret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147\nret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n\nvalue changed: 0x00000000000d7190 -> 0x00000000000d7191\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 PID: 14848 Comm: kworker/u4:11 Not tainted 6.6.0-rc1-syzkaller-00236-gad8a69f361b9 #0", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52578" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/04cc361f029c14dd067ad180525c7392334c9bfd", "url": "https://git.kernel.org/stable/c/04cc361f029c14dd067ad180525c7392334c9bfd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/44bdb313da57322c9b3c108eb66981c6ec6509f4", "url": "https://git.kernel.org/stable/c/44bdb313da57322c9b3c108eb66981c6ec6509f4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/89f9f20b1cbd36d99d5a248a4bf8d11d4fd049a2", "url": "https://git.kernel.org/stable/c/89f9f20b1cbd36d99d5a248a4bf8d11d4fd049a2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8bc97117b51d68d5cea8f5351cca2d8c4153f394", "url": "https://git.kernel.org/stable/c/8bc97117b51d68d5cea8f5351cca2d8c4153f394" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ad8d39c7b437fcdab7208a6a56c093d222c008d5", "url": "https://git.kernel.org/stable/c/ad8d39c7b437fcdab7208a6a56c093d222c008d5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d2346e6beb699909ca455d9d20c4e577ce900839", "url": "https://git.kernel.org/stable/c/d2346e6beb699909ca455d9d20c4e577ce900839" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f2ef4cb4d418fa64fe73eb84d10cc5c0e52e00fa", "url": "https://git.kernel.org/stable/c/f2ef4cb4d418fa64fe73eb84d10cc5c0e52e00fa" } ], "release_date": "2024-03-02T22:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-48695", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Fix use-after-free warning\n\nFix the following use-after-free warning which is observed during\ncontroller reset:\n\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 23 PID: 5399 at lib/refcount.c:28 refcount_warn_saturate+0xa6/0xf0", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-48695" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/41acb064c4e013808bc7d5fc1b506fa449425b0b", "url": "https://git.kernel.org/stable/c/41acb064c4e013808bc7d5fc1b506fa449425b0b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5682c94644fde72f72bded6580c38189ffc856b5", "url": "https://git.kernel.org/stable/c/5682c94644fde72f72bded6580c38189ffc856b5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6229fa494a5949be209bc73afbc5d0a749c2e3c7", "url": "https://git.kernel.org/stable/c/6229fa494a5949be209bc73afbc5d0a749c2e3c7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/82efb917eeb27454dc4c6fe26432fc8f6c75bc16", "url": "https://git.kernel.org/stable/c/82efb917eeb27454dc4c6fe26432fc8f6c75bc16" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/991df3dd5144f2e6b1c38b8d20ed3d4d21e20b34", "url": "https://git.kernel.org/stable/c/991df3dd5144f2e6b1c38b8d20ed3d4d21e20b34" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b8fc9e91b931215110ba824d1a2983c5f60b6f82", "url": "https://git.kernel.org/stable/c/b8fc9e91b931215110ba824d1a2983c5f60b6f82" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d4959d09b76eb7a4146f5133962b88d3bddb63d6", "url": "https://git.kernel.org/stable/c/d4959d09b76eb7a4146f5133962b88d3bddb63d6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ea10a652ad2ae2cf3eced6f632a5c98f26727057", "url": "https://git.kernel.org/stable/c/ea10a652ad2ae2cf3eced6f632a5c98f26727057" } ], "release_date": "2024-05-03T18:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2021-47103", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ninet: fully convert sk->sk_rx_dst to RCU rules\n\nsyzbot reported various issues around early demux,\none being included in this changelog [1]\n\nsk->sk_rx_dst is using RCU protection without clearly\ndocumenting it.\n\nAnd following sequences in tcp_v4_do_rcv()/tcp_v6_do_rcv()\nare not following standard RCU rules.\n\n[a] dst_release(dst);\n[b] sk->sk_rx_dst = NULL;\n\nThey look wrong because a delete operation of RCU protected\npointer is supposed to clear the pointer before\nthe call_rcu()/synchronize_rcu() guarding actual memory freeing.\n\nIn some cases indeed, dst could be freed before [b] is done.\n\nWe could cheat by clearing sk_rx_dst before calling\ndst_release(), but this seems the right time to stick\nto standard RCU annotations and debugging facilities.\n\n[1]\nBUG: KASAN: use-after-free in dst_check include/net/dst.h:470 [inline]\nBUG: KASAN: use-after-free in tcp_v4_early_demux+0x95b/0x960 net/ipv4/tcp_ipv4.c:1792\nRead of size 2 at addr ffff88807f1cb73a by task syz-executor.5/9204\n\nCPU: 0 PID: 9204 Comm: syz-executor.5 Not tainted 5.16.0-rc5-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0x8d/0x320 mm/kasan/report.c:247\n __kasan_report mm/kasan/report.c:433 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:450\n dst_check include/net/dst.h:470 [inline]\n tcp_v4_early_demux+0x95b/0x960 net/ipv4/tcp_ipv4.c:1792\n ip_rcv_finish_core.constprop.0+0x15de/0x1e80 net/ipv4/ip_input.c:340\n ip_list_rcv_finish.constprop.0+0x1b2/0x6e0 net/ipv4/ip_input.c:583\n ip_sublist_rcv net/ipv4/ip_input.c:609 [inline]\n ip_list_rcv+0x34e/0x490 net/ipv4/ip_input.c:644\n __netif_receive_skb_list_ptype net/core/dev.c:5508 [inline]\n __netif_receive_skb_list_core+0x549/0x8e0 net/core/dev.c:5556\n __netif_receive_skb_list net/core/dev.c:5608 [inline]\n netif_receive_skb_list_internal+0x75e/0xd80 net/core/dev.c:5699\n gro_normal_list net/core/dev.c:5853 [inline]\n gro_normal_list net/core/dev.c:5849 [inline]\n napi_complete_done+0x1f1/0x880 net/core/dev.c:6590\n virtqueue_napi_complete drivers/net/virtio_net.c:339 [inline]\n virtnet_poll+0xca2/0x11b0 drivers/net/virtio_net.c:1557\n __napi_poll+0xaf/0x440 net/core/dev.c:7023\n napi_poll net/core/dev.c:7090 [inline]\n net_rx_action+0x801/0xb40 net/core/dev.c:7177\n __do_softirq+0x29b/0x9c2 kernel/softirq.c:558\n invoke_softirq kernel/softirq.c:432 [inline]\n __irq_exit_rcu+0x123/0x180 kernel/softirq.c:637\n irq_exit_rcu+0x5/0x20 kernel/softirq.c:649\n common_interrupt+0x52/0xc0 arch/x86/kernel/irq.c:240\n asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:629\nRIP: 0033:0x7f5e972bfd57\nCode: 39 d1 73 14 0f 1f 80 00 00 00 00 48 8b 50 f8 48 83 e8 08 48 39 ca 77 f3 48 39 c3 73 3e 48 89 13 48 8b 50 f8 48 89 38 49 8b 0e <48> 8b 3e 48 83 c3 08 48 83 c6 08 eb bc 48 39 d1 72 9e 48 39 d0 73\nRSP: 002b:00007fff8a413210 EFLAGS: 00000283\nRAX: 00007f5e97108990 RBX: 00007f5e97108338 RCX: ffffffff81d3aa45\nRDX: ffffffff81d3aa45 RSI: 00007f5e97108340 RDI: ffffffff81d3aa45\nRBP: 00007f5e97107eb8 R08: 00007f5e97108d88 R09: 0000000093c2e8d9\nR10: 0000000000000000 R11: 0000000000000000 R12: 00007f5e97107eb0\nR13: 00007f5e97108338 R14: 00007f5e97107ea8 R15: 0000000000000019\n \n\nAllocated by task 13:\n kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38\n kasan_set_track mm/kasan/common.c:46 [inline]\n set_alloc_info mm/kasan/common.c:434 [inline]\n __kasan_slab_alloc+0x90/0xc0 mm/kasan/common.c:467\n kasan_slab_alloc include/linux/kasan.h:259 [inline]\n slab_post_alloc_hook mm/slab.h:519 [inline]\n slab_alloc_node mm/slub.c:3234 [inline]\n slab_alloc mm/slub.c:3242 [inline]\n kmem_cache_alloc+0x202/0x3a0 mm/slub.c:3247\n dst_alloc+0x146/0x1f0 net/core/dst.c:92\n rt_dst_alloc+0x73/0x430 net/ipv4/route.c:1613\n ip_route_input_slow+0x1817/0x3a20 net/ipv4/route.c:234\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47103" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0249a4b8a554f2eb6a27b62516fa50168584faa4", "url": "https://git.kernel.org/stable/c/0249a4b8a554f2eb6a27b62516fa50168584faa4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/68c34ce11ef23328692aa35fa6aaafdd75913100", "url": "https://git.kernel.org/stable/c/68c34ce11ef23328692aa35fa6aaafdd75913100" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/75a578000ae5e511e5d0e8433c94a14d9c99c412", "url": "https://git.kernel.org/stable/c/75a578000ae5e511e5d0e8433c94a14d9c99c412" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8f905c0e7354ef261360fb7535ea079b1082c105", "url": "https://git.kernel.org/stable/c/8f905c0e7354ef261360fb7535ea079b1082c105" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/92e6e36ecd16808866ac6172b9491b5097cde449", "url": "https://git.kernel.org/stable/c/92e6e36ecd16808866ac6172b9491b5097cde449" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c3bb4a7e8cbc984e1cdac0fe6af60e880214ed6e", "url": "https://git.kernel.org/stable/c/c3bb4a7e8cbc984e1cdac0fe6af60e880214ed6e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f039b43cbaea5e0700980c2f0052da05a70782e0", "url": "https://git.kernel.org/stable/c/f039b43cbaea5e0700980c2f0052da05a70782e0" } ], "release_date": "2024-03-04T18:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-53214", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Properly hide first-in-list PCIe extended capability\n\nThere are cases where a PCIe extended capability should be hidden from\nthe user. For example, an unknown capability (i.e., capability with ID\ngreater than PCI_EXT_CAP_ID_MAX) or a capability that is intentionally\nchosen to be hidden from the user.\n\nHiding a capability is done by virtualizing and modifying the 'Next\nCapability Offset' field of the previous capability so it points to the\ncapability after the one that should be hidden.\n\nThe special case where the first capability in the list should be hidden\nis handled differently because there is no previous capability that can\nbe modified. In this case, the capability ID and version are zeroed\nwhile leaving the next pointer intact. This hides the capability and\nleaves an anchor for the rest of the capability list.\n\nHowever, today, hiding the first capability in the list is not done\nproperly if the capability is unknown, as struct\nvfio_pci_core_device->pci_config_map is set to the capability ID during\ninitialization but the capability ID is not properly checked later when\nused in vfio_config_do_rw(). This leads to the following warning [1] and\nto an out-of-bounds access to ecap_perms array.\n\nFix it by checking cap_id in vfio_config_do_rw(), and if it is greater\nthan PCI_EXT_CAP_ID_MAX, use an alternative struct perm_bits for direct\nread only access instead of the ecap_perms array.\n\nNote that this is safe since the above is the only case where cap_id can\nexceed PCI_EXT_CAP_ID_MAX (except for the special capabilities, which\nare already checked before).\n\n[1]\n\nWARNING: CPU: 118 PID: 5329 at drivers/vfio/pci/vfio_pci_config.c:1900 vfio_pci_config_rw+0x395/0x430 [vfio_pci_core]\nCPU: 118 UID: 0 PID: 5329 Comm: simx-qemu-syste Not tainted 6.12.0+ #1\n(snip)\nCall Trace:\n \n ? show_regs+0x69/0x80\n ? __warn+0x8d/0x140\n ? vfio_pci_config_rw+0x395/0x430 [vfio_pci_core]\n ? report_bug+0x18f/0x1a0\n ? handle_bug+0x63/0xa0\n ? exc_invalid_op+0x19/0x70\n ? asm_exc_invalid_op+0x1b/0x20\n ? vfio_pci_config_rw+0x395/0x430 [vfio_pci_core]\n ? vfio_pci_config_rw+0x244/0x430 [vfio_pci_core]\n vfio_pci_rw+0x101/0x1b0 [vfio_pci_core]\n vfio_pci_core_read+0x1d/0x30 [vfio_pci_core]\n vfio_device_fops_read+0x27/0x40 [vfio]\n vfs_read+0xbd/0x340\n ? vfio_device_fops_unl_ioctl+0xbb/0x740 [vfio]\n ? __rseq_handle_notify_resume+0xa4/0x4b0\n __x64_sys_pread64+0x96/0xc0\n x64_sys_call+0x1c3d/0x20d0\n do_syscall_64+0x4d/0x120\n entry_SYSCALL_64_after_hwframe+0x76/0x7e", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-53214" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/06f2fcf49854ad05a09d09e0dbee6544fff04695", "url": "https://git.kernel.org/stable/c/06f2fcf49854ad05a09d09e0dbee6544fff04695" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0918f5643fc6c3f7801f4a22397d2cc09ba99207", "url": "https://git.kernel.org/stable/c/0918f5643fc6c3f7801f4a22397d2cc09ba99207" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1ef195178fb552478eb2587df4ad3be14ef76507", "url": "https://git.kernel.org/stable/c/1ef195178fb552478eb2587df4ad3be14ef76507" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4464e5aa3aa4574063640f1082f7d7e323af8eb4", "url": "https://git.kernel.org/stable/c/4464e5aa3aa4574063640f1082f7d7e323af8eb4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6c6502d944168cbd7e03a4a08ad6488f78d73485", "url": "https://git.kernel.org/stable/c/6c6502d944168cbd7e03a4a08ad6488f78d73485" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7d121f66b67921fb3b95e0ea9856bfba53733e91", "url": "https://git.kernel.org/stable/c/7d121f66b67921fb3b95e0ea9856bfba53733e91" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/949bee8065a85a5c6607c624dc05b5bc17119699", "url": "https://git.kernel.org/stable/c/949bee8065a85a5c6607c624dc05b5bc17119699" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9567bd34aa3b986736c290c5bcba47e0182ac47a", "url": "https://git.kernel.org/stable/c/9567bd34aa3b986736c290c5bcba47e0182ac47a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fe4bf8d0b6716a423b16495d55b35d3fe515905d", "url": "https://git.kernel.org/stable/c/fe4bf8d0b6716a423b16495d55b35d3fe515905d" } ], "release_date": "2024-12-27T14:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-37932", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nsch_htb: make htb_qlen_notify() idempotent\nhtb_qlen_notify() always deactivates the HTB class and in fact could\ntrigger a warning if it is already deactivated. Therefore, it is not\nidempotent and not friendly to its callers, like fq_codel_dequeue().\nLet's make it idempotent to ease qdisc_tree_reduce_backlog() callers'\nlife.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37932" } ], "release_date": "2025-05-20T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2025-37798", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ncodel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()\nAfter making all ->qlen_notify() callbacks idempotent, now it is safe to\nremove the check of qlen!=0 from both fq_codel_dequeue() and\ncodel_qdisc_dequeue().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-37798" } ], "release_date": "2025-05-02T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2024-40901", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory\n\nThere is a potential out-of-bounds access when using test_bit() on a single\nword. The test_bit() and set_bit() functions operate on long values, and\nwhen testing or setting a single word, they can exceed the word\nboundary. KASAN detects this issue and produces a dump:\n\n\t BUG: KASAN: slab-out-of-bounds in _scsih_add_device.constprop.0 (./arch/x86/include/asm/bitops.h:60 ./include/asm-generic/bitops/instrumented-atomic.h:29 drivers/scsi/mpt3sas/mpt3sas_scsih.c:7331) mpt3sas\n\n\t Write of size 8 at addr ffff8881d26e3c60 by task kworker/u1536:2/2965\n\nFor full log, please look at [1].\n\nMake the allocation at least the size of sizeof(unsigned long) so that\nset_bit() and test_bit() have sufficient room for read/write operations\nwithout overwriting unallocated memory.\n\n[1] Link: https://lore.kernel.org/all/ZkNcALr3W3KGYYJG@gmail.com/", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-40901" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0081d2b3ae0a17a86b8cc0fa3c8bdc54e233ba16", "url": "https://git.kernel.org/stable/c/0081d2b3ae0a17a86b8cc0fa3c8bdc54e233ba16" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/18abb5db0aa9b2d48f7037a88b41af2eef821674", "url": "https://git.kernel.org/stable/c/18abb5db0aa9b2d48f7037a88b41af2eef821674" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/19649e49a6df07cd2e03e0a11396fd3a99485ec2", "url": "https://git.kernel.org/stable/c/19649e49a6df07cd2e03e0a11396fd3a99485ec2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4254dfeda82f20844299dca6c38cbffcfd499f41", "url": "https://git.kernel.org/stable/c/4254dfeda82f20844299dca6c38cbffcfd499f41" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/46bab2bcd771e725ff5ca3a68ba68cfeac45676c", "url": "https://git.kernel.org/stable/c/46bab2bcd771e725ff5ca3a68ba68cfeac45676c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/521f333e644c4246ca04a4fc4772edc53dd2a801", "url": "https://git.kernel.org/stable/c/521f333e644c4246ca04a4fc4772edc53dd2a801" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9079338c5a0d1f1fee34fb1c9e99b754efe414c5", "url": "https://git.kernel.org/stable/c/9079338c5a0d1f1fee34fb1c9e99b754efe414c5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e9bce7c751f6d6c7be88c0bc081a66aaf61a23ee", "url": "https://git.kernel.org/stable/c/e9bce7c751f6d6c7be88c0bc081a66aaf61a23ee" } ], "release_date": "2024-07-12T13:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-26974", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - resolve race condition during AER recovery\n\nDuring the PCI AER system's error recovery process, the kernel driver\nmay encounter a race condition with freeing the reset_data structure's\nmemory. If the device restart will take more than 10 seconds the function\nscheduling that restart will exit due to a timeout, and the reset_data\nstructure will be freed. However, this data structure is used for\ncompletion notification after the restart is completed, which leads\nto a UAF bug.\n\nThis results in a KFENCE bug notice.\n\n BUG: KFENCE: use-after-free read in adf_device_reset_worker+0x38/0xa0 [intel_qat]\n Use-after-free read at 0x00000000bc56fddf (in kfence-#142):\n adf_device_reset_worker+0x38/0xa0 [intel_qat]\n process_one_work+0x173/0x340\n\nTo resolve this race condition, the memory associated to the container\nof the work_struct is freed on the worker if the timeout expired,\notherwise on the function that schedules the worker.\nThe timeout detection can be done by checking if the caller is\nstill waiting for completion or not by using completion_done() function.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-26974" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0c2cf5142bfb634c0ef0a1a69cdf37950747d0be", "url": "https://git.kernel.org/stable/c/0c2cf5142bfb634c0ef0a1a69cdf37950747d0be" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7", "url": "https://git.kernel.org/stable/c/226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4ae5a97781ce7d6ecc9c7055396535815b64ca4f", "url": "https://git.kernel.org/stable/c/4ae5a97781ce7d6ecc9c7055396535815b64ca4f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7d42e097607c4d246d99225bf2b195b6167a210c", "url": "https://git.kernel.org/stable/c/7d42e097607c4d246d99225bf2b195b6167a210c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc", "url": "https://git.kernel.org/stable/c/8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8e81cd58aee14a470891733181a47d123193ba81", "url": "https://git.kernel.org/stable/c/8e81cd58aee14a470891733181a47d123193ba81" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bb279ead42263e9fb09480f02a4247b2c287d828", "url": "https://git.kernel.org/stable/c/bb279ead42263e9fb09480f02a4247b2c287d828" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d03092550f526a79cf1ade7f0dfa74906f39eb71", "url": "https://git.kernel.org/stable/c/d03092550f526a79cf1ade7f0dfa74906f39eb71" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/daba62d9eeddcc5b1081be7d348ca836c83c59d7", "url": "https://git.kernel.org/stable/c/daba62d9eeddcc5b1081be7d348ca836c83c59d7" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "release_date": "2024-05-01T06:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2023-52864", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: wmi: Fix opening of char device\n\nSince commit fa1f68db6ca7 (\"drivers: misc: pass miscdevice pointer via\nfile private data\"), the miscdevice stores a pointer to itself inside\nfilp->private_data, which means that private_data will not be NULL when\nwmi_char_open() is called. This might cause memory corruption should\nwmi_char_open() be unable to find its driver, something which can\nhappen when the associated WMI device is deleted in wmi_free_devices().\n\nFix the problem by using the miscdevice pointer to retrieve the WMI\ndevice data associated with a char device using container_of(). This\nalso avoids wmi_char_open() picking a wrong WMI device bound to a\ndriver with the same name as the original driver.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52864" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/36d85fa7ae0d6be651c1a745191fa7ef055db43e", "url": "https://git.kernel.org/stable/c/36d85fa7ae0d6be651c1a745191fa7ef055db43e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/44a96796d25809502c75771d40ee693c2e44724e", "url": "https://git.kernel.org/stable/c/44a96796d25809502c75771d40ee693c2e44724e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203", "url": "https://git.kernel.org/stable/c/9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cf098e937dd125c0317a0d6f261ac2a950a233d6", "url": "https://git.kernel.org/stable/c/cf098e937dd125c0317a0d6f261ac2a950a233d6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d426a2955e45a95b2282764105fcfb110a540453", "url": "https://git.kernel.org/stable/c/d426a2955e45a95b2282764105fcfb110a540453" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e0bf076b734a2fab92d8fddc2b8b03462eee7097", "url": "https://git.kernel.org/stable/c/e0bf076b734a2fab92d8fddc2b8b03462eee7097" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/eba9ac7abab91c8f6d351460239108bef5e7a0b6", "url": "https://git.kernel.org/stable/c/eba9ac7abab91c8f6d351460239108bef5e7a0b6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fb7b06b59c6887659c6ed0ecd3110835eecbb6a3", "url": "https://git.kernel.org/stable/c/fb7b06b59c6887659c6ed0ecd3110835eecbb6a3" } ], "release_date": "2024-05-21T16:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2023-52764", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: gspca: cpia1: shift-out-of-bounds in set_flicker\n\nSyzkaller reported the following issue:\nUBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27\nshift exponent 245 is too large for 32-bit type 'int'\n\nWhen the value of the variable \"sd->params.exposure.gain\" exceeds the\nnumber of bits in an integer, a shift-out-of-bounds error is reported. It\nis triggered because the variable \"currentexp\" cannot be left-shifted by\nmore than the number of bits in an integer. In order to avoid invalid\nrange during left-shift, the conditional expression is added.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52764" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953", "url": "https://git.kernel.org/stable/c/099be1822d1f095433f4b08af9cc9d6308ec1953" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26", "url": "https://git.kernel.org/stable/c/09cd8b561aa9796903710a1046957f2b112c8f26" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb", "url": "https://git.kernel.org/stable/c/2eee8edfff90e22980a6b22079d238c3c9d323bb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060", "url": "https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b", "url": "https://git.kernel.org/stable/c/8f83c85ee88225319c52680792320c02158c2a9b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809", "url": "https://git.kernel.org/stable/c/93bddd6529f187f510eec759f37d0569243c9809" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177", "url": "https://git.kernel.org/stable/c/a647f27a7426d2fe1b40da7c8fa2b81354a51177" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a", "url": "https://git.kernel.org/stable/c/c6b6b8692218da73b33b310d7c1df90f115bdd9a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3", "url": "https://git.kernel.org/stable/c/e2d7149b913d14352c82624e723ce1c211ca06d3" } ], "release_date": "2024-05-21T16:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2023-52594", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()\n\nFix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug\noccurs when txs->cnt, data from a URB provided by a USB device, is\nbigger than the size of the array txs->txstatus, which is\nHTC_MAX_TX_STATUS. WARN_ON() already checks it, but there is no bug\nhandling code after the check. Make the function return if that is the\ncase.\n\nFound by a modified version of syzkaller.\n\nUBSAN: array-index-out-of-bounds in htc_drv_txrx.c\nindex 13 is out of range for type '__wmi_event_txstatus [12]'\nCall Trace:\n ath9k_htc_txstatus\n ath9k_wmi_event_tasklet\n tasklet_action_common\n __do_softirq\n irq_exit_rxu\n sysvec_apic_timer_interrupt", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52594" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234", "url": "https://git.kernel.org/stable/c/25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2adc886244dff60f948497b59affb6c6ebb3c348", "url": "https://git.kernel.org/stable/c/2adc886244dff60f948497b59affb6c6ebb3c348" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/84770a996ad8d7f121ff2fb5a8d149aad52d64c1", "url": "https://git.kernel.org/stable/c/84770a996ad8d7f121ff2fb5a8d149aad52d64c1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9003fa9a0198ce004b30738766c67eb7373479c9", "url": "https://git.kernel.org/stable/c/9003fa9a0198ce004b30738766c67eb7373479c9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/be609c7002dd4504b15b069cb7582f4c778548d1", "url": "https://git.kernel.org/stable/c/be609c7002dd4504b15b069cb7582f4c778548d1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e4f4bac7d3b64eb75f70cd3345712de6f68a215d", "url": "https://git.kernel.org/stable/c/e4f4bac7d3b64eb75f70cd3345712de6f68a215d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f11f0fd1ad6c11ae7856d4325fe9d05059767225", "url": "https://git.kernel.org/stable/c/f11f0fd1ad6c11ae7856d4325fe9d05059767225" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f44f073c78112ff921a220d01b86d09f2ace59bc", "url": "https://git.kernel.org/stable/c/f44f073c78112ff921a220d01b86d09f2ace59bc" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "release_date": "2024-03-06T07:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2023-52530", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix potential key use-after-free\n\nWhen ieee80211_key_link() is called by ieee80211_gtk_rekey_add()\nbut returns 0 due to KRACK protection (identical key reinstall),\nieee80211_gtk_rekey_add() will still return a pointer into the\nkey, in a potential use-after-free. This normally doesn't happen\nsince it's only called by iwlwifi in case of WoWLAN rekey offload\nwhich has its own KRACK protection, but still better to fix, do\nthat by returning an error code and converting that to success on\nthe cfg80211 boundary only, leaving the error for bad callers of\nieee80211_gtk_rekey_add().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-52530" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2408f491ff998d674707725eadc47d8930aced09", "url": "https://git.kernel.org/stable/c/2408f491ff998d674707725eadc47d8930aced09" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36", "url": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b", "url": "https://git.kernel.org/stable/c/31db78a4923ef5e2008f2eed321811ca79e7f71b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d", "url": "https://git.kernel.org/stable/c/65c72a7201704574dace708cbc96a8f367b1491d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e8a834eb09bb95c2bf9c76f1a28ecef7d8c439d0", "url": "https://git.kernel.org/stable/c/e8a834eb09bb95c2bf9c76f1a28ecef7d8c439d0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e8e599a635066c50ac214c3e10858f1d37e03022", "url": "https://git.kernel.org/stable/c/e8e599a635066c50ac214c3e10858f1d37e03022" } ], "release_date": "2024-03-02T22:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2023-0386", "cwe": { "id": "CWE-282", "name": "Improper Ownership Management" }, "notes": [ { "category": "description", "text": "A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-0386" }, { "category": "external", "summary": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html", "url": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230420-0004/", "url": "https://security.netapp.com/advisory/ntap-20230420-0004/" }, { "category": "external", "summary": "https://www.debian.org/security/2023/dsa-5402", "url": "https://www.debian.org/security/2023/dsa-5402" } ], "release_date": "2023-03-22T21:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-49292", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: oss: Fix PCM OSS buffer allocation overflow\n\nWe've got syzbot reports hitting INT_MAX overflow at vmalloc()\nallocation that is called from snd_pcm_plug_alloc(). Although we\napply the restrictions to input parameters, it's based only on the\nhw_params of the underlying PCM device. Since the PCM OSS layer\nallocates a temporary buffer for the data conversion, the size may\nbecome unexpectedly large when more channels or higher rates is given;\nin the reported case, it went over INT_MAX, hence it hits WARN_ON().\n\nThis patch is an attempt to avoid such an overflow and an allocation\nfor too large buffers. First off, it adds the limit of 1MB as the\nupper bound for period bytes. This must be large enough for all use\ncases, and we really don't want to handle a larger temporary buffer\nthan this size. The size check is performed at two places, where the\noriginal period bytes is calculated and where the plugin buffer size\nis calculated.\n\nIn addition, the driver uses array_size() and array3_size() for\nmultiplications to catch overflows for the converted period size and\nbuffer bytes.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-49292" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0c4190b41a69990666b4000999e27f8f1b2a426b", "url": "https://git.kernel.org/stable/c/0c4190b41a69990666b4000999e27f8f1b2a426b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5ce74ff7059341d8b2f4d01c3383491df63d1898", "url": "https://git.kernel.org/stable/c/5ce74ff7059341d8b2f4d01c3383491df63d1898" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7a40cbf3579a8e14849ba7ce46309c1992658d2b", "url": "https://git.kernel.org/stable/c/7a40cbf3579a8e14849ba7ce46309c1992658d2b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a63af1baf0a5e11827db60e3127f87e437cab6e5", "url": "https://git.kernel.org/stable/c/a63af1baf0a5e11827db60e3127f87e437cab6e5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e74a069c6a7bb505f3ade141dddf85f4b0b5145a", "url": "https://git.kernel.org/stable/c/e74a069c6a7bb505f3ade141dddf85f4b0b5145a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/efb6402c3c4a7c26d97c92d70186424097b6e366", "url": "https://git.kernel.org/stable/c/efb6402c3c4a7c26d97c92d70186424097b6e366" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fb08bf99195a87c798bc8ae1357337a981faeade", "url": "https://git.kernel.org/stable/c/fb08bf99195a87c798bc8ae1357337a981faeade" } ], "release_date": "2025-02-26T07:01:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-48757", "cwe": { "id": "CWE-668", "name": "Exposure of Resource to Wrong Sphere" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix information leakage in /proc/net/ptype\n\nIn one net namespace, after creating a packet socket without binding\nit to a device, users in other net namespaces can observe the new\n`packet_type` added by this packet socket by reading `/proc/net/ptype`\nfile. This is minor information leakage as packet socket is\nnamespace aware.\n\nAdd a net pointer in `packet_type` to keep the net namespace of\nof corresponding packet socket. In `ptype_seq_show`, this net pointer\nmust be checked when it is not NULL.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-48757" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/47934e06b65637c88a762d9c98329ae6e3238888", "url": "https://git.kernel.org/stable/c/47934e06b65637c88a762d9c98329ae6e3238888" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/839ec7039513a4f84bfbaff953a9393471176bee", "url": "https://git.kernel.org/stable/c/839ec7039513a4f84bfbaff953a9393471176bee" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8f88c78d24f6f346919007cd459fd7e51a8c7779", "url": "https://git.kernel.org/stable/c/8f88c78d24f6f346919007cd459fd7e51a8c7779" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b67ad6170c0ea87391bb253f35d1f78857736e54", "url": "https://git.kernel.org/stable/c/b67ad6170c0ea87391bb253f35d1f78857736e54" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/be1ca30331c7923c6f376610c1bd6059be9b1908", "url": "https://git.kernel.org/stable/c/be1ca30331c7923c6f376610c1bd6059be9b1908" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c38023032a598ec6263e008d62c7f02def72d5c7", "url": "https://git.kernel.org/stable/c/c38023032a598ec6263e008d62c7f02def72d5c7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/db044d97460ea792110eb8b971e82569ded536c6", "url": "https://git.kernel.org/stable/c/db044d97460ea792110eb8b971e82569ded536c6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e372ecd455b6ebc7720f52bf4b5f5d44d02f2092", "url": "https://git.kernel.org/stable/c/e372ecd455b6ebc7720f52bf4b5f5d44d02f2092" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e43669c77cb3a742b7d84ecdc7c68c4167a7709b", "url": "https://git.kernel.org/stable/c/e43669c77cb3a742b7d84ecdc7c68c4167a7709b" } ], "release_date": "2024-06-20T12:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-45885", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "description", "text": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-45885" }, { "category": "external", "summary": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6769a0b7ee0c3b31e1b22c3fadff2bfb642de23f", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6769a0b7ee0c3b31e1b22c3fadff2bfb642de23f" }, { "category": "external", "summary": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/", "url": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/" }, { "category": "external", "summary": "https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel%40gmail.com/", "url": "https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel%40gmail.com/" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230113-0006/", "url": "https://security.netapp.com/advisory/ntap-20230113-0006/" } ], "release_date": "2022-11-25T04:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-45884", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "description", "text": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-45884" }, { "category": "external", "summary": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3", "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=627bb528b086b4136315c25d6a447a98ea9448d3" }, { "category": "external", "summary": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/", "url": "https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel%40gmail.com/" }, { "category": "external", "summary": "https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/", "url": "https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel%40gmail.com/" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230113-0006/", "url": "https://security.netapp.com/advisory/ntap-20230113-0006/" } ], "release_date": "2022-11-25T04:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-23039", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "description", "text": "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-23039" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "category": "external", "summary": "https://xenbits.xenproject.org/xsa/advisory-396.txt", "url": "https://xenbits.xenproject.org/xsa/advisory-396.txt" } ], "release_date": "2022-03-10T20:15:00", "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL_ACCESS", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-23038", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "description", "text": "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-23038" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "category": "external", "summary": "https://xenbits.xenproject.org/xsa/advisory-396.txt", "url": "https://xenbits.xenproject.org/xsa/advisory-396.txt" } ], "release_date": "2022-03-10T20:15:00", "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL_ACCESS", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-23037", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "description", "text": "Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-23037" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html", "url": "https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html" }, { "category": "external", "summary": "https://xenbits.xenproject.org/xsa/advisory-396.txt", "url": "https://xenbits.xenproject.org/xsa/advisory-396.txt" } ], "release_date": "2022-03-10T20:15:00", "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL_ACCESS", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2021-47497", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmem: Fix shift-out-of-bound (UBSAN) with byte size cells\n\nIf a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic\n\n *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0);\n\nwill become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and we\nsubtract one from that making a large number that is then shifted more than the\nnumber of bits that fit into an unsigned long.\n\nUBSAN reports this problem:\n\n UBSAN: shift-out-of-bounds in drivers/nvmem/core.c:1386:8\n shift exponent 64 is too large for 64-bit type 'unsigned long'\n CPU: 6 PID: 7 Comm: kworker/u16:0 Not tainted 5.15.0-rc3+ #9\n Hardware name: Google Lazor (rev3+) with KB Backlight (DT)\n Workqueue: events_unbound deferred_probe_work_func\n Call trace:\n dump_backtrace+0x0/0x170\n show_stack+0x24/0x30\n dump_stack_lvl+0x64/0x7c\n dump_stack+0x18/0x38\n ubsan_epilogue+0x10/0x54\n __ubsan_handle_shift_out_of_bounds+0x180/0x194\n __nvmem_cell_read+0x1ec/0x21c\n nvmem_cell_read+0x58/0x94\n nvmem_cell_read_variable_common+0x4c/0xb0\n nvmem_cell_read_variable_le_u32+0x40/0x100\n a6xx_gpu_init+0x170/0x2f4\n adreno_bind+0x174/0x284\n component_bind_all+0xf0/0x264\n msm_drm_bind+0x1d8/0x7a0\n try_to_bring_up_master+0x164/0x1ac\n __component_add+0xbc/0x13c\n component_add+0x20/0x2c\n dp_display_probe+0x340/0x384\n platform_probe+0xc0/0x100\n really_probe+0x110/0x304\n __driver_probe_device+0xb8/0x120\n driver_probe_device+0x4c/0xfc\n __device_attach_driver+0xb0/0x128\n bus_for_each_drv+0x90/0xdc\n __device_attach+0xc8/0x174\n device_initial_probe+0x20/0x2c\n bus_probe_device+0x40/0xa4\n deferred_probe_work_func+0x7c/0xb8\n process_one_work+0x128/0x21c\n process_scheduled_works+0x40/0x54\n worker_thread+0x1ec/0x2a8\n kthread+0x138/0x158\n ret_from_fork+0x10/0x20\n\nFix it by making sure there are any bits to mask out.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47497" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0594f1d048d8dc338eb9a240021b1d00ae1eb082", "url": "https://git.kernel.org/stable/c/0594f1d048d8dc338eb9a240021b1d00ae1eb082" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0e822e5413da1af28cca350cb1cb42b6133bdcae", "url": "https://git.kernel.org/stable/c/0e822e5413da1af28cca350cb1cb42b6133bdcae" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2df6c023050205c4d04ffc121bc549f65cb8d1df", "url": "https://git.kernel.org/stable/c/2df6c023050205c4d04ffc121bc549f65cb8d1df" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/57e48886401b14cd351423fabfec2cfd18df4f66", "url": "https://git.kernel.org/stable/c/57e48886401b14cd351423fabfec2cfd18df4f66" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5d388fa01fa6eb310ac023a363a6cb216d9d8fe9", "url": "https://git.kernel.org/stable/c/5d388fa01fa6eb310ac023a363a6cb216d9d8fe9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/60df06bbdf497e37ed25ad40572c362e5b0998df", "url": "https://git.kernel.org/stable/c/60df06bbdf497e37ed25ad40572c362e5b0998df" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/abcb8d33e4d2215ccde5ab5ccf9f730a59d79d97", "url": "https://git.kernel.org/stable/c/abcb8d33e4d2215ccde5ab5ccf9f730a59d79d97" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/eb0fc8e7170e61eaf65d28dee4a8baf4e86b19ca", "url": "https://git.kernel.org/stable/c/eb0fc8e7170e61eaf65d28dee4a8baf4e86b19ca" } ], "release_date": "2024-05-22T09:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2021-47352", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: Add validation for used length\n\nThis adds validation for used length (might come\nfrom an untrusted device) to avoid data corruption\nor loss.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47352" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c", "url": "https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758", "url": "https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292", "url": "https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c1b40d1959517ff2ea473d40eeab4691d6d62462", "url": "https://git.kernel.org/stable/c/c1b40d1959517ff2ea473d40eeab4691d6d62462" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813", "url": "https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813" } ], "release_date": "2024-05-21T15:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2021-47321", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwatchdog: Fix possible use-after-free by calling del_timer_sync()\n\nThis driver's remove path calls del_timer(). However, that function\ndoes not wait until the timer handler finishes. This means that the\ntimer handler may still be running after the driver's remove function\nhas finished, which would result in a use-after-free.\n\nFix by calling del_timer_sync(), which makes sure the timer handler\nhas finished, and unable to re-schedule itself.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47321" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1a053c4d716898a53c2e31c574a70ea0c37044a3", "url": "https://git.kernel.org/stable/c/1a053c4d716898a53c2e31c574a70ea0c37044a3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4c05dac488a660fe2925c047ecb119e7afaaeb1e", "url": "https://git.kernel.org/stable/c/4c05dac488a660fe2925c047ecb119e7afaaeb1e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/58606882ad8ec6c39e0f40344b922921ef94ab4d", "url": "https://git.kernel.org/stable/c/58606882ad8ec6c39e0f40344b922921ef94ab4d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/66ba9cf929b1c4fabf545bd4c18f6f64e23e46e4", "url": "https://git.kernel.org/stable/c/66ba9cf929b1c4fabf545bd4c18f6f64e23e46e4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8bec568d7518b1504a602ed5376bb322e4dbb270", "url": "https://git.kernel.org/stable/c/8bec568d7518b1504a602ed5376bb322e4dbb270" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ca96b8ea5e74956071154bdb456778cc3027e79f", "url": "https://git.kernel.org/stable/c/ca96b8ea5e74956071154bdb456778cc3027e79f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d0212f095ab56672f6f36aabc605bda205e1e0bf", "url": "https://git.kernel.org/stable/c/d0212f095ab56672f6f36aabc605bda205e1e0bf" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/db222f1477ad5692cd454709b714949807e5d111", "url": "https://git.kernel.org/stable/c/db222f1477ad5692cd454709b714949807e5d111" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ecd620e0fb1ff7f78fdb593379b2e6938c99707a", "url": "https://git.kernel.org/stable/c/ecd620e0fb1ff7f78fdb593379b2e6938c99707a" } ], "release_date": "2024-05-21T15:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2021-47310", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ti: fix UAF in tlan_remove_one\n\npriv is netdev private data and it cannot be\nused after free_netdev() call. Using priv after free_netdev()\ncan cause UAF bug. Fix it by moving free_netdev() at the end of the\nfunction.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-47310" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0336f8ffece62f882ab3012820965a786a983f70", "url": "https://git.kernel.org/stable/c/0336f8ffece62f882ab3012820965a786a983f70" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0538b0ab7d2c396e385694228c7cdcd2d2c514e9", "url": "https://git.kernel.org/stable/c/0538b0ab7d2c396e385694228c7cdcd2d2c514e9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/93efab0ef2a607fff9166d447c4035f98b5db342", "url": "https://git.kernel.org/stable/c/93efab0ef2a607fff9166d447c4035f98b5db342" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a0a817b2d308fac090a05cbbe80988e073ac5193", "url": "https://git.kernel.org/stable/c/a0a817b2d308fac090a05cbbe80988e073ac5193" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a18a8d9cfbb112ad72e625372849adc3986fd6bf", "url": "https://git.kernel.org/stable/c/a18a8d9cfbb112ad72e625372849adc3986fd6bf" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b7e5563f2a7862a9e4796abb9908b092f677e3c1", "url": "https://git.kernel.org/stable/c/b7e5563f2a7862a9e4796abb9908b092f677e3c1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c263ae8c7e4c482387de5e6c89e213f8173fe8b6", "url": "https://git.kernel.org/stable/c/c263ae8c7e4c482387de5e6c89e213f8173fe8b6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f2a062fcfe1d6f1b0a86fa76ae21c277d65f4405", "url": "https://git.kernel.org/stable/c/f2a062fcfe1d6f1b0a86fa76ae21c277d65f4405" } ], "release_date": "2024-05-21T15:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-41069", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: topology: Fix references to freed memory\n\nMost users after parsing a topology file, release memory used by it, so\nhaving pointer references directly into topology file contents is wrong.\nUse devm_kmemdup(), to allocate memory as needed.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-41069" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/97ab304ecd95c0b1703ff8c8c3956dc6e2afe8e1", "url": "https://git.kernel.org/stable/c/97ab304ecd95c0b1703ff8c8c3956dc6e2afe8e1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ab5a6208b4d6872b1c6ecea1867940fc668cc76d", "url": "https://git.kernel.org/stable/c/ab5a6208b4d6872b1c6ecea1867940fc668cc76d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b188d7f3dfab10e332e3c1066e18857964a520d2", "url": "https://git.kernel.org/stable/c/b188d7f3dfab10e332e3c1066e18857964a520d2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ccae5c6a1fab9494c86b7856faf05e296c617702", "url": "https://git.kernel.org/stable/c/ccae5c6a1fab9494c86b7856faf05e296c617702" } ], "release_date": "2024-07-29T15:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-56616", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/dp_mst: Fix MST sideband message body length check\n\nFix the MST sideband message body length check, which must be at least 1\nbyte accounting for the message body CRC (aka message data CRC) at the\nend of the message.\n\nThis fixes a case where an MST branch device returns a header with a\ncorrect header CRC (indicating a correctly received body length), with\nthe body length being incorrectly set to 0. This will later lead to a\nmemory corruption in drm_dp_sideband_append_payload() and the following\nerrors in dmesg:\n\n UBSAN: array-index-out-of-bounds in drivers/gpu/drm/display/drm_dp_mst_topology.c:786:25\n index -1 is out of range for type 'u8 [48]'\n Call Trace:\n drm_dp_sideband_append_payload+0x33d/0x350 [drm_display_helper]\n drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper]\n drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper]\n\n memcpy: detected field-spanning write (size 18446744073709551615) of single field \"&msg->msg[msg->curlen]\" at drivers/gpu/drm/display/drm_dp_mst_topology.c:791 (size 256)\n Call Trace:\n drm_dp_sideband_append_payload+0x324/0x350 [drm_display_helper]\n drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper]\n drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper]", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-56616" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/109f91d8b9335b0f3714ef9920eae5a8b21d56af", "url": "https://git.kernel.org/stable/c/109f91d8b9335b0f3714ef9920eae5a8b21d56af" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1fc1f32c4a3421b9d803f18ec3ef49db2fb5d5ef", "url": "https://git.kernel.org/stable/c/1fc1f32c4a3421b9d803f18ec3ef49db2fb5d5ef" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/70e7166612f4e6da8d7d0305c47c465d88d037e5", "url": "https://git.kernel.org/stable/c/70e7166612f4e6da8d7d0305c47c465d88d037e5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/780fa184d4dc38ad6c4fded345ab8f9be7a63e96", "url": "https://git.kernel.org/stable/c/780fa184d4dc38ad6c4fded345ab8f9be7a63e96" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bd2fccac61b40eaf08d9546acc9fef958bfe4763", "url": "https://git.kernel.org/stable/c/bd2fccac61b40eaf08d9546acc9fef958bfe4763" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c58947a8d4a500902597ee1dbadf0518d7ff8801", "url": "https://git.kernel.org/stable/c/c58947a8d4a500902597ee1dbadf0518d7ff8801" } ], "release_date": "2024-12-27T15:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-35965", "cwe": { "id": "CWE-1284", "name": "Improper Validation of Specified Quantity in Input" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix not validating setsockopt user input\n\nCheck user input length before copying data.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-35965" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/28234f8ab69c522ba447f3e041bbfbb284c5959a", "url": "https://git.kernel.org/stable/c/28234f8ab69c522ba447f3e041bbfbb284c5959a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4f3951242ace5efc7131932e2e01e6ac6baed846", "url": "https://git.kernel.org/stable/c/4f3951242ace5efc7131932e2e01e6ac6baed846" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8ee0c132a61df9723813c40e742dc5321824daa9", "url": "https://git.kernel.org/stable/c/8ee0c132a61df9723813c40e742dc5321824daa9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9d42f373391211c7c8af66a3a316533a32b8a607", "url": "https://git.kernel.org/stable/c/9d42f373391211c7c8af66a3a316533a32b8a607" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f13b04cf65a86507ff15a9bbf37969d25be3e2a0", "url": "https://git.kernel.org/stable/c/f13b04cf65a86507ff15a9bbf37969d25be3e2a0" } ], "release_date": "2024-05-20T10:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-21704", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdc-acm: Check control transfer buffer size before access\n\nIf the first fragment is shorter than struct usb_cdc_notification, we can't\ncalculate an expected_size. Log an error and discard the notification\ninstead of reading lengths from memory outside the received data, which can\nlead to memory corruption when the expected_size decreases between\nfragments, causing `expected_size - acm->nb_index` to wrap.\n\nThis issue has been present since the beginning of git history; however,\nit only leads to memory corruption since commit ea2583529cd1\n(\"cdc-acm: reassemble fragmented notifications\").\n\nA mitigating factor is that acm_ctrl_irq() can only execute after userspace\nhas opened /dev/ttyACM*; but if ModemManager is running, ModemManager will\ndo that automatically depending on the USB device's vendor/product IDs and\nits other interfaces.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21704" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/383d516a0ebc8641372b521c8cb717f0f1834831", "url": "https://git.kernel.org/stable/c/383d516a0ebc8641372b521c8cb717f0f1834831" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6abb510251e75f875797d8983a830e6731fa281c", "url": "https://git.kernel.org/stable/c/6abb510251e75f875797d8983a830e6731fa281c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7828e9363ac4d23b02419bf2a45b9f1d9fb35646", "url": "https://git.kernel.org/stable/c/7828e9363ac4d23b02419bf2a45b9f1d9fb35646" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/871619c2b78fdfe05afb4e8ba548678687beb812", "url": "https://git.kernel.org/stable/c/871619c2b78fdfe05afb4e8ba548678687beb812" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/90dd2f1b7342b9a671a5ea4160f408037b92b118", "url": "https://git.kernel.org/stable/c/90dd2f1b7342b9a671a5ea4160f408037b92b118" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a4e1ae5c0533964170197e4fb4f33bc8c1db5cd2", "url": "https://git.kernel.org/stable/c/a4e1ae5c0533964170197e4fb4f33bc8c1db5cd2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e563b01208f4d1f609bcab13333b6c0e24ce6a01", "url": "https://git.kernel.org/stable/c/e563b01208f4d1f609bcab13333b6c0e24ce6a01" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f64079bef6a8a7823358c3f352ea29a617844636", "url": "https://git.kernel.org/stable/c/f64079bef6a8a7823358c3f352ea29a617844636" }, { "category": "external", "summary": "https://project-zero.issues.chromium.org/issues/395107243", "url": "https://project-zero.issues.chromium.org/issues/395107243" } ], "release_date": "2025-02-22T10:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-52332", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nigb: Fix potential invalid memory access in igb_init_module()\n\nThe pci_register_driver() can fail and when this happened, the dca_notifier\nneeds to be unregistered, otherwise the dca_notifier can be called when\nigb fails to install, resulting to invalid memory access.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-52332" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0566f83d206c7a864abcd741fe39d6e0ae5eef29", "url": "https://git.kernel.org/stable/c/0566f83d206c7a864abcd741fe39d6e0ae5eef29" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4458046617dfadc351162dbaea1945c57eebdf36", "url": "https://git.kernel.org/stable/c/4458046617dfadc351162dbaea1945c57eebdf36" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4fe517643f529e805bb6b890a4331c100e8f2484", "url": "https://git.kernel.org/stable/c/4fe517643f529e805bb6b890a4331c100e8f2484" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8009cdcc493fa30d4572016daf2d6999da4d6c54", "url": "https://git.kernel.org/stable/c/8009cdcc493fa30d4572016daf2d6999da4d6c54" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/992fd34122de377b45cb75b64fc7f17fc1e6ed2f", "url": "https://git.kernel.org/stable/c/992fd34122de377b45cb75b64fc7f17fc1e6ed2f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e0155b1b1509d0ef4799bd1cd73309ca466df3f3", "url": "https://git.kernel.org/stable/c/e0155b1b1509d0ef4799bd1cd73309ca466df3f3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f309733a8c9da7d4266a8a3755020b738a570cae", "url": "https://git.kernel.org/stable/c/f309733a8c9da7d4266a8a3755020b738a570cae" } ], "release_date": "2025-01-11T13:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-35966", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: RFCOMM: Fix not validating setsockopt user input\n\nsyzbot reported rfcomm_sock_setsockopt_old() is copying data without\nchecking user input length.\n\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset\ninclude/linux/sockptr.h:49 [inline]\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr\ninclude/linux/sockptr.h:55 [inline]\nBUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt_old\nnet/bluetooth/rfcomm/sock.c:632 [inline]\nBUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt+0x893/0xa70\nnet/bluetooth/rfcomm/sock.c:673\nRead of size 4 at addr ffff8880209a8bc3 by task syz-executor632/5064", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-35966" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/00767fbd67af70d7a550caa5b12d9515fa978bab", "url": "https://git.kernel.org/stable/c/00767fbd67af70d7a550caa5b12d9515fa978bab" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4ea65e2095e9bd151d0469328dd7fc2858feb546", "url": "https://git.kernel.org/stable/c/4ea65e2095e9bd151d0469328dd7fc2858feb546" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a97de7bff13b1cc825c1b1344eaed8d6c2d3e695", "url": "https://git.kernel.org/stable/c/a97de7bff13b1cc825c1b1344eaed8d6c2d3e695" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c3f787a3eafe519c93df9abbb0ca5145861c8d0f", "url": "https://git.kernel.org/stable/c/c3f787a3eafe519c93df9abbb0ca5145861c8d0f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d072ea24748189cd8f4a9c3f585ca9af073a0838", "url": "https://git.kernel.org/stable/c/d072ea24748189cd8f4a9c3f585ca9af073a0838" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/eea40d33bf936a5c7fb03c190e61e0cfee00e872", "url": "https://git.kernel.org/stable/c/eea40d33bf936a5c7fb03c190e61e0cfee00e872" } ], "release_date": "2024-05-20T10:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-39499", "cwe": { "id": "CWE-668", "name": "Exposure of Resource to Wrong Sphere" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmci: prevent speculation leaks by sanitizing event in event_deliver()\n\nCoverity spotted that event_msg is controlled by user-space,\nevent_msg->event_data.event is passed to event_deliver() and used\nas an index without sanitization.\n\nThis change ensures that the event index is sanitized to mitigate any\npossibility of speculative information leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.\n\nOnly compile tested, no access to HW.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-39499" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/58730dfbd4ae01c1b022b0d234a8bf8c02cdfb81", "url": "https://git.kernel.org/stable/c/58730dfbd4ae01c1b022b0d234a8bf8c02cdfb81" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/681967c4ff210e06380acf9b9a1b33ae06e77cbd", "url": "https://git.kernel.org/stable/c/681967c4ff210e06380acf9b9a1b33ae06e77cbd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/757804e1c599af5d2a7f864c8e8b2842406ff4bb", "url": "https://git.kernel.org/stable/c/757804e1c599af5d2a7f864c8e8b2842406ff4bb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8003f00d895310d409b2bf9ef907c56b42a4e0f4", "url": "https://git.kernel.org/stable/c/8003f00d895310d409b2bf9ef907c56b42a4e0f4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/95ac3e773a1f8da83c4710a720fbfe80055aafae", "url": "https://git.kernel.org/stable/c/95ac3e773a1f8da83c4710a720fbfe80055aafae" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/95bac1c8bedb362374ea1937b1d3e833e01174ee", "url": "https://git.kernel.org/stable/c/95bac1c8bedb362374ea1937b1d3e833e01174ee" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e293c6b38ac9029d76ff0d2a6b2d74131709a9a8", "url": "https://git.kernel.org/stable/c/e293c6b38ac9029d76ff0d2a6b2d74131709a9a8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f70ff737346744633e7b655c1fb23e1578491ff3", "url": "https://git.kernel.org/stable/c/f70ff737346744633e7b655c1fb23e1578491ff3" } ], "release_date": "2024-07-12T13:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-38621", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: stk1160: fix bounds checking in stk1160_copy_video()\n\nThe subtract in this condition is reversed. The ->length is the length\nof the buffer. The ->bytesused is how many bytes we have copied thus\nfar. When the condition is reversed that means the result of the\nsubtraction is always negative but since it's unsigned then the result\nis a very high positive value. That means the overflow check is never\ntrue.\n\nAdditionally, the ->bytesused doesn't actually work for this purpose\nbecause we're not writing to \"buf->mem + buf->bytesused\". Instead, the\nmath to calculate the destination where we are writing is a bit\ninvolved. You calculate the number of full lines already written,\nmultiply by two, skip a line if necessary so that we start on an odd\nnumbered line, and add the offset into the line.\n\nTo fix this buffer overflow, just take the actual destination where we\nare writing, if the offset is already out of bounds print an error and\nreturn. Otherwise, write up to buf->length bytes.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-38621" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7532bcec0797adfa08791301c3bcae14141db3bd", "url": "https://git.kernel.org/stable/c/7532bcec0797adfa08791301c3bcae14141db3bd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a08492832cc4cacc24e0612f483c86ca899b9261", "url": "https://git.kernel.org/stable/c/a08492832cc4cacc24e0612f483c86ca899b9261" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a16775828aaed1c54ff4e6fe83e8e4d5c6a50cb7", "url": "https://git.kernel.org/stable/c/a16775828aaed1c54ff4e6fe83e8e4d5c6a50cb7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b504518a397059e1d55c521ba0ea2b545a6c4b52", "url": "https://git.kernel.org/stable/c/b504518a397059e1d55c521ba0ea2b545a6c4b52" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d410017a7181cb55e4a5c810b32b75e4416c6808", "url": "https://git.kernel.org/stable/c/d410017a7181cb55e4a5c810b32b75e4416c6808" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ecf4ddc3aee8ade504c4d36b7b4053ce6093e200", "url": "https://git.kernel.org/stable/c/ecf4ddc3aee8ade504c4d36b7b4053ce6093e200" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f6a392266276730bea893b55d12940e32a25f56a", "url": "https://git.kernel.org/stable/c/f6a392266276730bea893b55d12940e32a25f56a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/faa4364bef2ec0060de381ff028d1d836600a381", "url": "https://git.kernel.org/stable/c/faa4364bef2ec0060de381ff028d1d836600a381" } ], "release_date": "2024-06-21T11:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2025-38350", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet/sched: Always pass notifications when child class becomes empty\nCertain classful qdiscs may invoke their classes' dequeue handler on an\nenqueue operation. This may unexpectedly empty the child qdisc and thus\nmake an in-flight class passive via qlen_notify(). Most qdiscs do not\nexpect such behaviour at this point in time and may re-activate the\nclass eventually anyways which will lead to a use-after-free.\nThe referenced fix commit attempted to fix this behavior for the HFSC\ncase by moving the backlog accounting around, though this turned out to\nbe incomplete since the parent's parent may run into the issue too.\nThe following reproducer demonstrates this use-after-free:\ntc qdisc add dev lo root handle 1: drr\ntc filter add dev lo parent 1: basic classid 1:1\ntc class add dev lo parent 1: classid 1:1 drr\ntc qdisc add dev lo parent 1:1 handle 2: hfsc def 1\ntc class add dev lo parent 2: classid 2:1 hfsc rt m1 8 d 1 m2 0\ntc qdisc add dev lo parent 2:1 handle 3: netem\ntc qdisc add dev lo parent 3:1 handle 4: blackhole\necho 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\ntc class delete dev lo classid 1:1\necho 1 | socat -u STDIN UDP4-DATAGRAM:127.0.0.1:8888\nSince backlog accounting issues leading to a use-after-frees on stale\nclass pointers is a recurring pattern at this point, this patch takes\na different approach. Instead of trying to fix the accounting, the patch\nensures that qdisc_tree_reduce_backlog always calls qlen_notify when\nthe child qdisc is empty. This solves the problem because deletion of\nqdiscs always involves a call to qdisc_reset() and / or\nqdisc_purge_queue() which ultimately resets its qlen to 0 thus causing\nthe following qdisc_tree_reduce_backlog() to report to the parent. Note\nthat this may call qlen_notify on passive classes multiple times. This\nis not a problem after the recent patch series that made all the\nclassful qdiscs qlen_notify() handlers idempotent.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38350" } ], "release_date": "2025-07-19T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2024-36921", "cwe": { "id": "CWE-129", "name": "Improper Validation of Array Index" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: guard against invalid STA ID on removal\n\nGuard against invalid station IDs in iwl_mvm_mld_rm_sta_id as that would\nresult in out-of-bounds array accesses. This prevents issues should the\ndriver get into a bad state during error handling.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-36921" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/17f64517bf5c26af56b6c3566273aad6646c3c4f", "url": "https://git.kernel.org/stable/c/17f64517bf5c26af56b6c3566273aad6646c3c4f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/94f80a8ec15e238b78521f20f8afaed60521a294", "url": "https://git.kernel.org/stable/c/94f80a8ec15e238b78521f20f8afaed60521a294" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fab21d220017daa5fd8a3d788ff25ccfecfaae2f", "url": "https://git.kernel.org/stable/c/fab21d220017daa5fd8a3d788ff25ccfecfaae2f" } ], "release_date": "2024-05-30T16:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:bpftool-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.119.1.0.5.el7.tuxcare.els25.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }