{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "drm/amd/display: Skip on writeback when it's not applicable {CVE-2024-36914}\n- ASoC: topology: Fix references to freed memory {CVE-2024-41069}\n- Bluetooth: RFCOMM: Fix not validating setsockopt user input {CVE-2024-35966}\n- Bluetooth: SCO: Fix not validating setsockopt user input\n- drm/dp_mst: Fix MST sideband message body length check {CVE-2024-56616}\n- xfs: don't walk off the end of a directory data block {CVE-2024-41013}\n- wifi: cfg80211: check A-MSDU format more carefully {CVE-2024-35937}\n- Reapply \"wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()\"\n- net/rds: Fix rs_recv_pending counting issue\n- LTS tag: v5.4.301\n- net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg\n- media: s5p-mfc: remove an unused/uninitialized variable\n- NFSD: Fix last write offset handling in layoutcommit\n- NFSD: Minor cleanup in layoutcommit processing\n- padata: Reset next CPU when reorder sequence wraps around\n- KEYS: trusted_tpm1: Compare HMAC values in constant time\n- NFSD: Define a proc_layoutcommit for the FlexFiles layout type {CVE-2025-40087}\n- vfs: Don't leak disconnected dentries on umount {CVE-2025-40105}\n- jbd2: ensure that all ongoing I/O complete before freeing blocks\n- ext4: detect invalid INLINE_DATA + EXTENTS flag combination {CVE-2025-40167}\n- drm/amdgpu: use atomic functions with memory barriers for vm fault info\n- ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() {CVE-2025-40198}\n- spi: cadence-quadspi: Flush posted register writes before DAC access\n- spi: cadence-quadspi: Flush posted register writes before INDAC access\n- memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe\n- memory: samsung: exynos-srom: Correct alignment\n- arm64: errata: Apply workarounds for Neoverse-V3AE\n- arm64: cputype: Add Neoverse-V3AE definitions\n- comedi: fix divide-by-zero in comedi_buf_munge() {CVE-2025-40106}\n- binder: remove \"invalid inc weak\" check\n- 
xhci: dbc: enable back DbC in resume if it was enabled before suspend\n- usb/core/quirks: Add Huawei ME906S to wakeup quirk\n- USB: serial: option: add Telit FN920C04 ECM compositions\n- USB: serial: option: add Quectel RG255C\n- USB: serial: option: add UNISOC UIS7720\n- net: ravb: Ensure memory write completes before ringing TX doorbell\n- net: usb: rtl8150: Fix frame padding\n- ocfs2: clear extent cache after moving/defragmenting extents\n- MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering\n- Revert \"cpuidle: menu: Avoid discarding useful information\"\n- net: bonding: fix possible peer notify event loss or dup issue\n- sctp: avoid NULL dereference when chunk data buffer is missing\n- arm64, mm: avoid always making PTE dirty in pte_mkwrite()\n- net: enetc: correct the value of ENETC_RXB_TRUESIZE\n- rtnetlink: Allow deleting FDB entries in user namespace\n- net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del\n- net: add ndo_fdb_del_bulk\n- net: rtnetlink: add bulk delete support flag\n- net: netlink: add NLM_F_BULK delete request modifier\n- net: rtnetlink: use BIT for flag values\n- net: rtnetlink: add helper to extract msg type's kind\n- net: rtnetlink: add msg kind names\n- net: rtnetlink: remove redundant assignment to variable err\n- m68k: bitops: Fix find_*_bit() signatures\n- hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super()\n- hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()\n- dlm: check for defined force value in dlm_lockspace_release\n- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()\n- hfs: validate record offset in hfsplus_bmap_alloc\n- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()\n- hfs: make proper initalization of struct hfs_find_data\n- hfs: clear offset and space out of valid records in b-tree node\n- exec: Fix incorrect type for ret\n- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() {CVE-2025-40088}\n- ALSA: firewire: 
amdtp-stream: fix enum kernel-doc warnings\n- sched/fair: Fix pelt lost idle time detection\n- sched/balancing: Rename newidle_balance() => sched_balance_newidle()\n- sched/fair: Trivial correction of the newidle_balance() comment\n- sched: Make newidle_balance() static again\n- tls: don't rely on tx_work during send()\n- tls: always set record_type in tls_process_cmsg\n- tg3: prevent use of uninitialized remote_adv and local_adv variables\n- tcp: fix tcp_tso_should_defer() vs large RTT\n- amd-xgbe: Avoid spurious link down messages during interface toggle\n- net/ip6_tunnel: Prevent perpetual tunnel growth {CVE-2025-40173}\n- net: dlink: handle dma_map_single() failure properly\n- net: dl2k: switch from 'pci_' to 'dma_' API\n- media: pci: ivtv: Add missing check after DMA map\n- media: pci/ivtv: switch from 'pci_' to 'dma_' API {CVE-2024-43877}\n- xen/events: Update virq_to_irq on migration\n- media: lirc: Fix error handling in lirc_register()\n- media: rc: Directly use ida_free()\n- drm/exynos: exynos7_drm_decon: remove ctx->suspended\n- btrfs: avoid potential out-of-bounds in btrfs_encode_fh() {CVE-2025-40205}\n- pwm: berlin: Fix wrong register in suspend/resume {CVE-2025-40188}\n- media: cx18: Add missing check after DMA map\n- xen/events: Cleanup find_virq() return codes\n- cramfs: Verify inode mode when loading from disk\n- fs: Add 'initramfs_options' to set initramfs mount options\n- pid: Add a judgment for ns null in pid_nr_ns {CVE-2025-40178}\n- minixfs: Verify inode mode when loading from disk\n- tracing: Fix race condition in kprobe initialization causing NULL pointer dereference {CVE-2025-40042}\n- dm: fix NULL pointer dereference in __dm_suspend() {CVE-2025-40134}\n- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag\n- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type\n- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value\n- Squashfs: reject negative file sizes in squashfs_read_inode() 
{CVE-2025-40200}\n- Squashfs: add additional inode sanity checking\n- media: mc: Clear minor number before put device {CVE-2025-40197}\n- mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data()\n- fs: udf: fix OOB read in lengthAllocDescs handling {CVE-2025-40044}\n- KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O {CVE-2025-40026}\n- net/9p: fix double req put in p9_fd_cancelled {CVE-2025-40027}\n- ext4: guard against EA inode refcount underflow in xattr update {CVE-2025-40190}\n- ext4: correctly handle queries for metadata mappings\n- ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch()\n- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry\n- x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases)\n- x86/umip: Check that the instruction opcode is at least two bytes\n- PCI: keystone: Use devm_request_irq() to free \"ks-pcie-error-irq\" on exit\n- PCI/AER: Fix missing uevent on recovery when a reset is requested\n- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV\n- rseq/selftests: Use weak symbol reference, not definition, to link with glibc\n- rtc: interface: Fix long-standing race when setting alarm\n- rtc: interface: Ensure alarm irq is enabled when UIE is enabled\n- mmc: core: SPI mode remove cmd7\n- mtd: rawnand: fsmc: Default to autodetect buswidth\n- sparc: fix error handling in scan_one_device()\n- sparc64: fix hugetlb for sun4u\n- sctp: Fix MAC comparison to be constant-time {CVE-2025-40204}\n- scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl()\n- parisc: don't reference obsolete termio struct for TC* constants\n- lib/genalloc: fix device leak in of_gen_pool_get()\n- iio: frequency: adf4350: Fix prescaler usage.\n- iio: dac: ad5421: use int type to store negative error codes\n- iio: dac: ad5360: use int type to store negative error codes\n- crypto: atmel - Fix dma_unmap_sg() direction\n- cpufreq: intel_pstate: Fix object lifecycle 
issue in update_qos_request() {CVE-2025-40194}\n- drm/nouveau: fix bad ret code in nouveau_bo_move_prep\n- media: i2c: mt9v111: fix incorrect type for ret\n- firmware: meson_sm: fix device leak at probe\n- xen/manage: Fix suspend error path\n- arm64: dts: qcom: msm8916: Add missing MDSS reset\n- ACPI: debug: fix signedness issues in read/write helpers\n- ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT\n- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single\n- tpm, tpm_tis: Claim locality before writing interrupt registers\n- crypto: essiv - Check ssize for decryption and in-place encryption {CVE-2025-40019}\n- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes\n- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call\n- tools build: Align warning options with perf\n- net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe\n- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). {CVE-2025-40186}\n- net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() {CVE-2025-40187}\n- drm/vmwgfx: Fix Use-after-free in validation {CVE-2025-40111}\n- net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter()\n- scsi: mvsas: Fix use-after-free bugs in mvs_work_queue {CVE-2025-40001}\n- scsi: mvsas: Use sas_task_find_rq() for tagging\n- scsi: mvsas: Delete mvs_tag_init()\n- scsi: libsas: Add sas_task_find_rq()\n- clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver\n- clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate()\n- perf session: Fix handling when buffer exceeds 2 GiB\n- rtc: x1205: Fix Xicor X1205 vendor prefix\n- perf util: Fix compression checks returning -1 as bool\n- iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE\n- clocksource/drivers/clps711x: Fix resource leaks in error paths\n- pinctrl: check the return value of pinmux_ops::get_function_name() {CVE-2025-40030}\n- Input: uinput - zero-initialize uinput_ff_upload_compat to 
avoid info leak {CVE-2025-40035}\n- mm: hugetlb: avoid soft lockup when mprotect to large memory area {CVE-2025-40153}\n- uio_hv_generic: Let userspace take care of interrupt mask {CVE-2025-40048}\n- Squashfs: fix uninit-value in squashfs_get_parent {CVE-2025-40049}\n- net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable\n- nfp: fix RSS hash key size when RSS is not supported\n- drivers/base/node: fix double free in register_one_node()\n- ocfs2: fix double free in user_cluster_connect() {CVE-2025-40055}\n- net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast {CVE-2025-40140}\n- RDMA/siw: Always report immediate post SQ errors\n- usb: vhci-hcd: Prevent suspending virtually attached devices\n- scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() {CVE-2025-40115}\n- ipvs: Defer ip_vs_ftp unregister during netns cleanup {CVE-2025-40018}\n- NFSv4.1: fix backchannel max_resp_sz verification check\n- remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice\n- sparc: fix accurate exception reporting in copy_{from,to}_user for M7\n- sparc: fix accurate exception reporting in copy_to_user for Niagara 4\n- sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara {CVE-2025-40112}\n- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III {CVE-2025-40124}\n- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC {CVE-2025-40126}\n- IB/sa: Fix sa_local_svc_timeout_ms read race\n- RDMA/core: Resolve MAC of next-hop device without ARP support\n- wifi: mt76: fix potential memory leak in mt76_wmac_probe()\n- drivers/base/node: handle error properly in register_one_node()\n- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog\n- netfilter: ipset: Remove unused htable_bits in macro ahash_region\n- iio: consumers: Fix offset handling in iio_convert_raw_to_processed()\n- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping 
{CVE-2025-40121}\n- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping {CVE-2025-40154}\n- ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping\n- pps: fix warning in pps_register_cdev when register device fail {CVE-2025-40070}\n- misc: genwqe: Fix incorrect cmd field being reported in error\n- usb: gadget: configfs: Correctly set use_os_string at bind\n- usb: phy: twl6030: Fix incorrect type for ret\n- tcp: fix __tcp_close() to only send RST when required\n- PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation\n- wifi: mwifiex: send world regulatory domain to driver\n- ALSA: lx_core: use int type to store negative error codes\n- media: rj54n1cb0c: Fix memleak in rj54n1_probe()\n- scsi: myrs: Fix dma_alloc_coherent() error check\n- scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod {CVE-2025-40118}\n- serial: max310x: Add error checking in probe()\n- usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup {CVE-2025-40116}\n- drm/radeon/r600_cs: clean up of dead code in r600_cs\n- i2c: designware: Add disabling clocks when probe fails\n- i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD\n- bpf: Explicitly check accesses to bpf_sock_addr {CVE-2025-40078}\n- selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported\n- pwm: tiehrpwm: Fix corner case in clock divisor calculation\n- block: use int to store blk_stack_limits() return value\n- blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx {CVE-2025-40125}\n- pinctrl: meson-gxl: add missing i2c_d pinmux\n- soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS\n- ACPI: processor: idle: Fix memory leak when register cpuidle device failed\n- regmap: Remove superfluous check for !config in __regmap_init()\n- x86/vdso: Fix output operand size of RDPID\n- perf: arm_spe: Prevent overflow in PERF_IDX2OFF() {CVE-2025-40081}\n- driver core/PM: Set power.no_callbacks along with power.no_pm\n- staging: axis-fifo: 
flush RX FIFO on read errors\n- staging: axis-fifo: fix maximum TX packet length check\n- perf subcmd: avoid crash in exclude_cmds when excludes is empty\n- dm-integrity: limit MAX_TAG_SIZE to 255\n- wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188\n- USB: serial: option: add SIMCom 8230C compositions\n- media: rc: fix races with imon_disconnect() {CVE-2025-39993}\n- media: imon: grab lock earlier in imon_ir_change_protocol()\n- media: imon: reorganize serialization\n- media: rc: Add support for another iMON 0xffdc device\n- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe {CVE-2025-39995}\n- media: tuner: xc5000: Fix use-after-free in xc5000_release {CVE-2025-39994}\n- media: tunner: xc5000: Refactor firmware load\n- udp: Fix memory accounting leak. {CVE-2025-22058}\n- media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove {CVE-2025-39996}\n- scsi: target: target_core_configfs: Add length check to avoid buffer overflow {CVE-2025-39998}\n- LTS tag: v5.4.300\n- KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active\n- mm/hugetlb: fix folio is still mapped when deleted {CVE-2025-40006}\n- i40e: add mask to apply valid bits for itr_idx\n- i40e: fix validation of VF state in get resources {CVE-2025-39969}\n- i40e: fix idx validation in config queues msg {CVE-2025-39971}\n- i40e: add validation for ring_len param {CVE-2025-39973}\n- i40e: increase max descriptors for XL710\n- mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() {CVE-2025-21861}\n- fbcon: Fix OOB access in font allocation\n- fbcon: fix integer overflow in fbcon_do_set_font {CVE-2025-39967}\n- i40e: add max boundary check for VF filters {CVE-2025-39968}\n- i40e: fix input validation logic for action_meta {CVE-2025-39970}\n- i40e: fix idx validation in i40e_validate_queue_map {CVE-2025-39972}\n- drm/gma500: Fix null dereference in hdmi teardown {CVE-2025-40011}\n- can: peak_usb: fix shift-out-of-bounds 
issue {CVE-2025-40020}\n- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow {CVE-2025-39985}\n- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow {CVE-2025-39986}\n- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow {CVE-2025-39987}\n- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI\n- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions\n- usb: core: Add 0x prefix to quirks debug output\n- ALSA: usb-audio: Fix build with CONFIG_INPUT=n\n- ALSA: usb-audio: Convert comma to semicolon\n- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5\n- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks\n- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks\n- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks\n- ALSA: usb-audio: Fix block comments in mixer_quirks\n- net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer {CVE-2025-39937}\n- net: rfkill: gpio: add DT support\n- serial: sc16is7xx: fix bug in flow control levels init\n- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels\n- usb: gadget: dummy_hcd: remove usage of list iterator past the loop body\n- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message\n- ASoC: wm8974: Correct PLL rate rounding\n- ASoC: wm8940: Correct typo in control name\n- mmc: mvsdio: Fix dma_unmap_sg() nents value\n- nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/*\n- cnic: Fix use-after-free bugs in cnic_delete_task {CVE-2025-39945}\n- net: liquidio: fix overflow in octeon_init_instr_queue()\n- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). 
{CVE-2025-39955}\n- i40e: remove redundant memory barrier when cleaning Tx descs\n- net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure\n- cgroup: split cgroup_destroy_wq into 3 workqueues {CVE-2025-39953}\n- pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch\n- wifi: mac80211: fix incorrect type for ret\n- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported\n- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory {CVE-2025-39883}\n- phy: ti-pipe3: fix device leak at unbind\n- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees {CVE-2025-39923}\n- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map {CVE-2025-39869}\n- can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails\n- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed\n- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path {CVE-2025-39911}\n- i40e: Use irq_update_affinity_hint()\n- genirq: Provide new interfaces for affinity hints\n- genirq: Export affinity setter for modules\n- genirq/affinity: Add irq_update_affinity_desc()\n- igb: fix link test skipping when interface is admin down\n- net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() {CVE-2025-39876}\n- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions\n- USB: serial: option: add Telit Cinterion FN990A w/audio compositions\n- tty: hvc_console: Call hvc_kick in hvc_write unconditionally\n- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing\n- mtd: nand: raw: atmel: Fix comment in timings preparation\n- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer {CVE-2025-39907}\n- mm/khugepaged: fix the address passed to notifier on testing young\n- fuse: prevent overflow in copy_file_range return value\n- fuse: check if copy_file_range() returns larger than requested size\n- 
mtd: rawnand: stm32_fmc2: fix ECC overwrite\n- ocfs2: fix recursive semaphore deadlock in fiemap call {CVE-2025-39885}\n- EDAC/altera: Delete an inappropriate dma_free_coherent() call\n- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. {CVE-2025-39913}\n- net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. {CVE-2025-23143}\n- device-dax: correct pgoff align in dax_set_mapping() {CVE-2024-50022}\n- Revert \"net/mlx5e: Update and set Xon/Xoff upon MTU set\"\n- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer\n- rds: Free all frags when rds_ib_recv_cache_put() fails\n- bpf/bpf_get,set_sockopt: add option to set TCP-BPF sock ops flags\n- NFSv4: Don't clear capabilities that won't be reset\n- power: supply: bq27xxx: restrict no-battery detection to bq27000\n- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery\n- usb: hub: Fix flushing of delayed work used for post resume purposes\n- soc: qcom: mdt_loader: Deal with zero e_shentsize\n- Revert \"net/mlx5e: Update and set Xon/Xoff upon port speed set\"\n- LTS tag: v5.4.299\n- scsi: lpfc: Fix buffer free/clear order in deferred receive path {CVE-2025-39841}\n- dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status()\n- cifs: fix integer overflow in match_server()\n- spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort\n- spi: spi-fsl-lpspi: Set correct chip-select polarity bit\n- spi: spi-fsl-lpspi: Fix transmissions when using CONT\n- pcmcia: Add error handling for add_interval() in do_validate_mem() {CVE-2025-39920}\n- ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model\n- randstruct: gcc-plugin: Fix attribute addition\n- randstruct: gcc-plugin: Remove bogus void member\n- vmxnet3: update MTU after device quiesce\n- net: dsa: microchip: linearize skb for tail-tagging switches\n- net: dsa: microchip: update tag_ksz masks for KSZ9477 family\n- dmaengine: mediatek: Fix a possible 
deadlock error in mtk_cqdma_tx_status()\n- ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup\n- gpio: pca953x: fix IRQ storm on system wake up\n- iio: light: opt3001: fix deadlock due to concurrent flag access {CVE-2025-37968}\n- iio: chemical: pms7003: use aligned_s64 for timestamp\n- cpufreq/sched: Explicitly synchronize limits_changed flag handling\n- mm/slub: avoid accessing metadata when pointer is invalid in object_err() {CVE-2025-39902}\n- mm/khugepaged: fix ->anon_vma race {CVE-2023-52935}\n- e1000e: fix heap overflow in e1000_set_eeprom {CVE-2025-39898}\n- batman-adv: fix OOB read/write in network-coding decode {CVE-2025-39839}\n- drm/amdgpu: drop hw access in non-DC audio fini\n- wifi: mwifiex: Initialize the chan_stats array to zero {CVE-2025-39891}\n- pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() {CVE-2025-39846}\n- ALSA: usb-audio: Add mute TLV for playback volumes on some devices\n- ppp: fix memory leak in pad_compress_skb {CVE-2025-39847}\n- net: atm: fix memory leak in atm_register_sysfs when device_register fail\n- ax25: properly unshare skbs in ax25_kiss_rcv() {CVE-2025-39848}\n- ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init()\n- net: thunder_bgx: add a missing of_node_put\n- wifi: libertas: cap SSID len in lbs_associate()\n- wifi: cw1200: cap SSID length in cw1200_do_join()\n- net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets\n- i40e: Fix potential invalid access when MAC list is empty {CVE-2025-39853}\n- icmp: fix icmp_ndo_send address translation for reply direction\n- mISDN: Fix memory leak in dsp_hwec_enable()\n- xirc2ps_cs: fix register access when enabling FullDuplex\n- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() {CVE-2025-39860}\n- netfilter: conntrack: helper: Replace -EEXIST by -EBUSY\n- wifi: cfg80211: fix use-after-free in cmp_bss() {CVE-2025-39864}\n- powerpc: boot: Remove leading zero in label in udelay()\n- hugetlbfs: take read_lock on i_mmap for PMD 
sharing\n- kallsyms: add module_kallsyms_on_each_symbol_locked\n- kallsyms: export module_kallsyms_on_each_symbol\n- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns {CVE-2025-38499}\n- x86/vmscape: Warn when STIBP is disabled with SMT\n- x86/bugs: Move cpu_bugs_smt_update() down\n- x86/vmscape: Enable the mitigation\n- x86/vmscape: Add conditional IBPB mitigation\n- x86/vmscape: Add old Intel CPUs to affected list\n- x86/vmscape: Enumerate VMSCAPE bug\n- Documentation/hw-vuln: Add VMSCAPE documentation\n- LTS tag: v5.4.298\n- Revert \"drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS\"\n- net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions\n- Revert \"drm/amdgpu: fix incorrect vm flags to map bo\"\n- HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() {CVE-2025-39808}\n- HID: wacom: Add a new Art Pen 2\n- HID: asus: fix UAF via HID_CLAIMED_INPUT validation {CVE-2025-39824}\n- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare {CVE-2025-39817}\n- sctp: initialize more fields in sctp_v6_from_sk() {CVE-2025-39812}\n- net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts\n- net/mlx5e: Set local Xoff after FW update\n- net/mlx5e: Update and set Xon/Xoff upon port speed set\n- net/mlx5e: Update and set Xon/Xoff upon MTU set\n- net: dlink: fix multicast stats being counted incorrectly\n- atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). 
{CVE-2025-39828}\n- net/atm: remove the atmdev_ops {get, set}sockopt methods\n- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced\n- powerpc/kvm: Fix ifdef to remove build warning\n- net: ipv4: fix regression in local-broadcast routes\n- vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put()\n- scsi: core: sysfs: Correct sysfs attributes access rights\n- ftrace: Fix potential warning in trace_printk_seq during ftrace_dump {CVE-2025-39813}\n- pinctrl: STMFX: add missing HAS_IOMEM dependency\n- LTS tag: v5.4.297\n- alloc_fdtable(): change calling conventions.\n- s390/hypfs: Enable limited access during lockdown\n- s390/hypfs: Avoid unnecessary ioctl registration in debugfs\n- ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation\n- net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate\n- net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit {CVE-2025-39766}\n- ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc\n- ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add\n- ALSA: usb-audio: Fix size validation in convert_chmap_v3()\n- scsi: qla4xxx: Prevent a potential error pointer dereference {CVE-2025-39676}\n- usb: xhci: Fix slot_id resource race conflict\n- nfs: fix UAF in direct writes {CVE-2024-26958}\n- NFS: Fix up commit deadlocks\n- cifs: Fix UAF in cifs_demultiplex_thread() {CVE-2023-52572}\n- Bluetooth: fix use-after-free in device_for_each_child() {CVE-2024-53237}\n- act_mirred: use the backlog for nested calls to mirred ingress {CVE-2022-4269}\n- net/sched: act_mirred: better wording on protection against excessive stack growth\n- net/sched: act_mirred: refactor the handle of xmit\n- selftests: forwarding: tc_actions.sh: add matchall mirror test\n- net: sched: don't expose action qstats to skb_tc_reinsert()\n- net: sched: extract qstats update code into functions\n- net: sched: extract bstats update code into function\n- net: sched: extract 
common action counters update code into function\n- mm: perform the mapping_map_writable() check after call_mmap()\n- mm: update memfd seal write check to include F_SEAL_WRITE\n- mm: drop the assumption that VM_SHARED always implies writable\n- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() {CVE-2025-37798}\n- sch_qfq: make qfq_qlen_notify() idempotent\n- sch_hfsc: make hfsc_qlen_notify() idempotent {CVE-2025-38177}\n- sch_drr: make drr_qlen_notify() idempotent\n- btrfs: populate otime when logging an inode item\n- media: venus: hfi: explicitly release IRQ during teardown\n- f2fs: fix to avoid out-of-boundary access in dnode page {CVE-2025-38677}\n- media: venus: protect against spurious interrupts during probe {CVE-2025-39709}\n- media: qcom: camss: cleanup media device allocated resource on error path\n- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240.\n- drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS\n- pwm: mediatek: Fix duty and period setting\n- pwm: mediatek: Handle hardware enable and clock enable separately\n- pwm: mediatek: Implement .apply() callback\n- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() {CVE-2025-39713}\n- media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free()\n- media: v4l2-ctrls: always copy the controls on completion\n- ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig\n- soc: qcom: mdt_loader: Ensure we don't read past the ELF header {CVE-2025-39787}\n- rtc: ds1307: handle oscillator stop flag (OSF) for ds1341\n- usb: musb: omap2430: fix device leak at unbind\n- NFS: Fix the setting of capabilities when automounting a new filesystem {CVE-2025-39798}\n- NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode()\n- NFSv4: Fix nfs4_bitmap_copy_adjust()\n- usb: typec: fusb302: cache PD RX state\n- cdc-acm: fix race between initial clearing halt and open\n- USB: cdc-acm: do not log successful probe on later errors\n- 
mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock {CVE-2025-39736}\n- mm/kmemleak: turn kmemleak_lock and object->lock to raw_spinlock_t\n- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx()\n- x86/fpu: Delay instruction pointer fixup until after warning\n- mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery\n- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() {CVE-2025-38724}\n- pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov\n- tracing: Add down_write(trace_event_sem) when adding trace event {CVE-2025-38539}\n- usb: hub: Don't try to recover devices lost during warm reset.\n- usb: hub: avoid warm port reset during USB3 disconnect\n- x86/mce/amd: Add default names for MCA banks and blocks\n- iio: hid-sensor-prox: Fix incorrect OFFSET calculation\n- f2fs: fix to do sanity check on ino and xnid {CVE-2025-38347}\n- mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n\n- mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage()\n- drm/sched: Remove optimization that causes hang when killing dependent jobs\n- ice: Fix a null pointer dereference in ice_copy_and_init_pkg() {CVE-2025-38664}\n- net: usbnet: Fix the wrong netif_carrier_on() call\n- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event\n- PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports\n- ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value {CVE-2022-50327}\n- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large {CVE-2025-38481}\n- comedi: Fix initialization of data for instructions that write to subdevice {CVE-2025-38478}\n- kbuild: Add KBUILD_CPPFLAGS to as-option invocation\n- kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS\n- kbuild: Add CLANG_FLAGS to as-instr\n- mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation\n- kbuild: Update assembler calls to use proper flags and language target\n- ARM: 9448/1: Use an absolute path to unified.h in 
KBUILD_AFLAGS\n- usb: dwc3: Ignore late xferNotReady event to prevent halt timeout\n- USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles\n- usb: storage: realtek_cr: Use correct byte order for bcs->Residue\n- USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera\n- usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive\n- iio: proximity: isl29501: fix buffered read on big-endian systems\n- ftrace: Also allocate and copy hash for reading of filter files {CVE-2025-39689}\n- fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable()\n- use uniform permission checks for all mount propagation changes\n- move_mount: allow to add a mount into an existing group\n- fs/buffer: fix use-after-free when call bh_read() helper {CVE-2025-39691}\n- drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs\n- drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3\n- memstick: Fix deadlock by moving removing flag earlier\n- media: venus: Add a check for packet size after reading from shared memory {CVE-2025-39710}\n- media: ov2659: Fix memory leaks in ov2659_probe()\n- media: usbtv: Lock resolution while streaming {CVE-2025-39714}\n- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init()\n- media: gspca: Add bounds checking to firmware parser\n- soc/tegra: pmc: Ensure power-domains are in a known state\n- jbd2: prevent softlockup in jbd2_log_do_checkpoint() {CVE-2025-39782}\n- PCI: endpoint: Fix configfs group removal on driver teardown\n- PCI: endpoint: Fix configfs group list head handling {CVE-2025-39783}\n- mtd: rawnand: fsmc: Add missing check after DMA map\n- pwm: imx-tpm: Reset counter if CMOD is 0\n- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table()\n- zynq_fpga: use sgtable-based scatterlist wrappers\n- ata: libata-scsi: Fix ata_to_sense_error() status handling\n- ext4: fix reserved gdt blocks handling in fsmap\n- ext4: fix 
fsmap end of range reporting with bigalloc\n- ext4: check fast symlink for ea_inode correctly\n- vt: defkeymap: Map keycodes above 127 to K_HOLE\n- vt: keyboard: Don't process Unicode characters in K_OFF mode\n- usb: dwc3: meson-g12a: fix device leaks at unbind\n- usb: gadget: udc: renesas_usb3: fix device leak at unbind\n- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init()\n- m68k: Fix lost column on framebuffer debug console\n- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table()\n- serial: 8250: fix panic due to PSLVERR {CVE-2025-39724}\n- media: uvcvideo: Do not mark valid metadata as invalid\n- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() {CVE-2025-38680}\n- mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() {CVE-2025-39737}\n- parisc: Makefile: fix a typo in palo.conf\n- btrfs: fix log tree replay failure due to file with 0 links and extents\n- thunderbolt: Fix copy+paste error in match_service_id()\n- comedi: fix race between polling and detaching {CVE-2025-38687}\n- misc: rtsx: usb: Ensure mmc child device is active when card is present\n- drm/amdgpu: fix incorrect vm flags to map bo\n- scsi: lpfc: Remove redundant assignment to avoid memory leak\n- rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe\n- pNFS: Fix uninited ptr deref in block/scsi layout {CVE-2025-38691}\n- pNFS: Handle RPC size limit for layoutcommits\n- pNFS: Fix disk addr range check in block/scsi layout\n- pNFS: Fix stripe mapping in block/scsi layout\n- net: phy: smsc: add proper reset flags for LAN8710A\n- ipmi: Fix strcpy source and destination the same\n- kconfig: lxdialog: fix 'space' to (de)select options\n- kconfig: gconf: fix potential memory leak in renderer_edited()\n- kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed()\n- ipmi: Use dev_warn_ratelimited() for incorrect message warnings\n- scsi: aacraid: Stop using PCI_IRQ_AFFINITY\n- scsi: Fix sas_user_scan() to handle 
wildcard and multi-channel scans\n- kconfig: nconf: Ensure null termination where strncpy is used\n- kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c\n- i3c: don't fail if GETHDRCAP is unsupported\n- PCI: pnv_php: Work around switches with broken presence detection\n- i3c: add missing include to internal header\n- media: uvcvideo: Fix bandwidth issue for Alcor camera\n- media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar {CVE-2025-38693}\n- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() {CVE-2025-38694}\n- media: usb: hdpvr: disable zero-length read messages\n- media: tc358743: Increase FIFO trigger level to 374\n- media: tc358743: Return an appropriate colorspace from tc358743_set_fmt\n- media: tc358743: Check I2C succeeded during probe\n- pinctrl: stm32: Manage irq affinity settings\n- scsi: mpt3sas: Correctly handle ATA device errors\n- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure {CVE-2025-38695}\n- RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() {CVE-2025-39742}\n- MIPS: Don't crash in stack_top() for tasks without ABI or vDSO {CVE-2025-38696}\n- jfs: upper bound check of tree index in dbAllocAG {CVE-2025-38697}\n- jfs: Regular file corruption check {CVE-2025-38698}\n- jfs: truncate good inode pages when hard link is 0 {CVE-2025-39743}\n- scsi: bfa: Double-free fix {CVE-2025-38699}\n- MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free}\n- watchdog: dw_wdt: Fix default timeout\n- fs/orangefs: use snprintf() instead of sprintf()\n- scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated {CVE-2025-38700}\n- ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr {CVE-2025-38701}\n- cifs: Fix calling CIFSFindFirst() for root path without msearch\n- vhost: fail early when __vhost_add_used() fails\n- net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325\n- uapi: in6: restore visibility of 
most IPv6 socket options\n- net: ncsi: Fix buffer overflow in fetching version id\n- net: dsa: b53: prevent SWITCH_CTRL access on BCM5325\n- net: dsa: b53: fix b53_imp_vlan_setup for BCM5325\n- net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs\n- wifi: iwlegacy: Check rate_idx range after addition\n- netmem: fix skb_frag_address_safe with unreadable skbs\n- wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`.\n- wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect\n- wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd()\n- net: fec: allow disable coalescing\n- (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer\n- s390/stp: Remove udelay from stp_sync_clock()\n- wifi: iwlwifi: mvm: fix scan request validation\n- net: thunderx: Fix format-truncation warning in bgx_acpi_match_id()\n- net: ipv4: fix incorrect MTU in broadcast routes\n- wifi: cfg80211: Fix interface type validation\n- rcu: Protect ->defer_qs_iw_pending from data race {CVE-2025-39749}\n- net: ag71xx: Add missing check after DMA map\n- et131x: Add missing check after DMA map\n- be2net: Use correct byte order and format string for TCP seq and ack_seq\n- s390/time: Use monotonic clock in get_cycles()\n- wifi: cfg80211: reject HTC bit for management frames\n- ktest.pl: Prevent recursion of default variable options\n- ASoC: codecs: rt5640: Retry DEVICE_ID verification\n- ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros\n- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control {CVE-2025-39751}\n- platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches\n- pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop()\n- usb: core: usb_submit_urb: downgrade type check\n- ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4\n- ASoC: hdac_hdmi: Rate limit logging on connection and disconnection\n- mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode()\n- ACPI: APEI: GHES: 
add TAINT_MACHINE_CHECK on GHES panic path\n- ACPI: processor: fix acpi_object initialization\n- PM: sleep: console: Fix the black screen issue\n- thermal: sysfs: Return ENODATA instead of EAGAIN for reads\n- PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit()\n- selftests: tracing: Use mutex_unlock for testing glob filter\n- ARM: tegra: Use I/O memcpy to write to IRAM {CVE-2025-39794}\n- gpio: tps65912: check the return value of regmap_update_bits()\n- ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed\n- ARM: rockchip: fix kernel hang during smp initialization {CVE-2025-39752}\n- cpufreq: Exit governor when failed to start old governor\n- usb: xhci: Avoid showing errors during surprise removal\n- usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command\n- usb: xhci: Avoid showing warnings for dying controller\n- selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t\n- usb: xhci: print xhci->xhc_state when queue_command failed\n- securityfs: don't pin dentries twice, once is enough...\n- hfs: fix not erasing deleted b-tree node issue\n- drbd: add missing kref_get in handle_write_conflicts {CVE-2025-38708}\n- udf: Verify partition map count\n- arm64: Handle KCOV __init vs inline mismatches\n- hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() {CVE-2025-38712}\n- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() {CVE-2025-40082}\n- hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() {CVE-2025-38714}\n- hfs: fix slab-out-of-bounds in hfs_bnode_read() {CVE-2025-38715}\n- sctp: linearize cloned gso packets in sctp_rcv {CVE-2025-38718}\n- netfilter: ctnetlink: fix refcount leak on table dump {CVE-2025-38721}\n- udp: also consider secpath when evaluating ipsec use for checksumming\n- ACPI: processor: perflib: Move problematic pr->performance check {CVE-2025-39799}\n- ACPI: processor: perflib: Fix initial _PPC limit application\n- Documentation: ACPI: Fix parent device 
references\n- fs: Prevent file descriptor table allocations exceeding INT_MAX {CVE-2025-39756}\n- sunvdc: Balance device refcount in vdc_port_mpgroup_check\n- NFSD: detect mismatch of file handle and delegation stateid in OPEN op\n- net: dpaa: fix device leak when querying time stamp info\n- net: gianfar: fix device leak when querying time stamp info\n- netlink: avoid infinite retry looping in netlink_unicast() {CVE-2025-38727}\n- ALSA: usb-audio: Validate UAC3 cluster segment descriptors {CVE-2025-39757}\n- ALSA: usb-audio: Validate UAC3 power domain descriptors, too {CVE-2025-38729}\n- io_uring: don't use int for ABI\n- usb: gadget : fix use-after-free in composite_dev_cleanup() {CVE-2025-38555}\n- MIPS: mm: tlb-r4k: Uniquify TLB entries on init\n- USB: serial: option: add Foxconn T99W709\n- vsock: Do not allow binding to VMADDR_PORT_ANY {CVE-2025-38618}\n- net/packet: fix a race in packet_set_ring() and packet_notifier() {CVE-2025-38617}\n- perf/core: Prevent VMA split of buffer mappings {CVE-2025-38563}\n- perf/core: Exit early on perf_mmap() fail {CVE-2025-38565}\n- perf/core: Don't leak AUX buffer refcount on allocation failure\n- pptp: fix pptp_xmit() error path\n- smb: client: let recv_done() cleanup before notifying the callers.\n- benet: fix BUG when creating VFs {CVE-2025-38569}\n- net: drop UFO packets in udp_rcv_segment() {CVE-2025-38622}\n- ipv6: reject malicious packets in ipv6_gso_segment() {CVE-2025-38572}\n- pptp: ensure minimal skb length in pptp_xmit() {CVE-2025-38574}\n- netpoll: prevent hanging NAPI when netcons gets enabled\n- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() {CVE-2025-39730}\n- pci/hotplug/pnv-php: Wrap warnings in macro\n- pci/hotplug/pnv-php: Improve error msg on power state change failure\n- usb: chipidea: udc: fix sleeping function called from invalid context\n- f2fs: fix to avoid out-of-boundary access in devs.path {CVE-2025-38652}\n- f2fs: fix to avoid panic in f2fs_evict_inode {CVE-2025-38577}\n- f2fs: fix to 
avoid UAF in f2fs_sync_inode_meta() {CVE-2025-38578}\n- rtc: pcf8563: fix incorrect maximum clock rate handling\n- rtc: hym8563: fix incorrect maximum clock rate handling\n- rtc: ds1307: fix incorrect maximum clock rate handling\n- module: Restore the moduleparam prefix length check\n- bpf: Check flow_dissector ctx accesses are aligned\n- mtd: rawnand: atmel: set pmecc data setup time\n- mtd: rawnand: atmel: Fix dma_mapping_error() address\n- jfs: fix metapage reference count leak in dbAllocCtl\n- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref {CVE-2025-38630}\n- crypto: qat - fix seq_file position update in adf_ring_next()\n- dmaengine: nbpfaxi: Add missing check after DMA map\n- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap\n- fs/orangefs: Allow 2 more characters in do_c_string()\n- soundwire: stream: restore params when prepare ports fail\n- crypto: img-hash - Fix dma_unmap_sg() nents value\n- hwrng: mtk - handle devm_pm_runtime_enable errors\n- watchdog: ziirave_wdt: check record length in ziirave_firm_verify()\n- scsi: isci: Fix dma_unmap_sg() nents value\n- scsi: mvsas: Fix dma_unmap_sg() nents value\n- scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value\n- clk: sunxi-ng: v3s: Fix de clock definition\n- perf tests bp_account: Fix leaked file descriptor\n- crypto: ccp - Fix crash when rebind ccp device for ccp.ko {CVE-2025-38581}\n- pinctrl: sunxi: Fix memory leak on krealloc failure\n- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set\n- clk: davinci: Add NULL check in davinci_lpsc_clk_register() {CVE-2025-38635}\n- mtd: fix possible integer overflow in erase_xfer()\n- crypto: marvell/cesa - Fix engine load inaccuracy\n- PCI: rockchip-host: Fix \"Unexpected Completion\" log message\n- vrf: Drop existing dst reference in vrf_ip6_input_dst\n- selftests: rtnetlink.sh: remove esp4_offload after test\n- netfilter: xt_nfacct: don't assume acct name is null-terminated {CVE-2025-38639}\n- can: kvaser_usb: 
Assign netdev.dev_port based on device channel index\n- can: kvaser_pciefd: Store device channel index\n- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE\n- mwl8k: Add missing check after DMA map\n- wifi: rtl8xxxu: Fix RX skb size for aggregation disabled\n- net/sched: Restrict conditions for adding duplicating netems to qdisc tree {CVE-2025-38553}\n- arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX\n- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value\n- m68k: Don't unregister boot console needlessly\n- tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range\n- iwlwifi: Add missing check for alloc_ordered_workqueue {CVE-2025-38656}\n- wifi: iwlwifi: Fix memory leak in iwl_mvm_init()\n- wifi: rtl818x: Kill URBs before clearing tx status queue {CVE-2025-38604}\n- caif: reduce stack size, again\n- bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure\n- bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls {CVE-2025-38608}\n- staging: nvec: Fix incorrect null termination of battery manufacturer\n- samples: mei: Fix building on musl libc\n- cpufreq: Init policy->rwsem before it may be possibly used\n- ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface\n- usb: early: xhci-dbc: Fix early_ioremap leak\n- Revert \"vmci: Prevent the dispatching of uninitialized payloads\" {CVE-2025-38611}\n- pps: fix poll support\n- vmci: Prevent the dispatching of uninitialized payloads {CVE-2025-38611}\n- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() {CVE-2025-38612}\n- ARM: dts: vfxxx: Correctly use two tuples for timer address\n- hfsplus: remove mutex_lock check in hfsplus_free_extents {CVE-2025-38650}\n- ASoC: Intel: fix SND_SOC_SOF dependencies\n- ethernet: intel: fix building with large NR_CPUS\n- usb: phy: mxs: disconnect line when USB charger is attached\n- usb: chipidea: add USB PHY event\n- usb: chipidea: introduce 
CI_HDRC_CONTROLLER_VBUS_EVENT glue layer use\n- usb: chipidea: udc: protect usb interrupt enable\n- usb: chipidea: udc: add new API ci_hdrc_gadget_connect\n- ALSA: hda: Add missing NVIDIA HDA codec IDs\n- comedi: comedi_test: Fix possible deletion of uninitialized timers\n- nilfs2: reject invalid file types when reading inodes {CVE-2025-38663}\n- i2c: qup: jump out of the loop in case of timeout {CVE-2025-38671}\n- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class\n- net: appletalk: Fix use-after-free in AARP proxy probe {CVE-2025-38666}\n- net: appletalk: fix kerneldoc warnings\n- RDMA/core: Rate limit GID cache warning messages\n- regulator: core: fix NULL dereference on unbind due to stale coupling data {CVE-2025-38668}\n- usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm\n- usb: hub: fix detection of high tier USB3 devices behind suspended hubs\n- net_sched: sch_sfq: reject invalid perturb period {CVE-2025-38193}\n- power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition {CVE-2023-33288}\n- power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync\n- power: supply: bq24190_charger: Fix runtime PM imbalance on error\n- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS\n- virtio-net: ensure the received length does not exceed allocated size {CVE-2025-38375}\n- ASoC: fsl_sai: Force a software reset when starting in consumer mode\n- usb: dwc3: qcom: Don't leave BCR asserted\n- usb: musb: fix gadget state on disconnect\n- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree {CVE-2025-38468}\n- net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime {CVE-2025-38470}\n- Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU\n- Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout\n- Bluetooth: SMP: If an unallowed command is received consider it a failure\n- Bluetooth: Fix 
null-ptr-deref in l2cap_sock_resume_cb() {CVE-2025-38473}\n- usb: net: sierra: check for no status endpoint {CVE-2025-38474}\n- net/sched: sch_qfq: Fix race condition on qfq_aggregate {CVE-2025-38477}\n- net: emaclite: Fix missing pointer increment in aligned_read()\n- comedi: Fix use of uninitialized data in insn_rw_emulate_bits() {CVE-2025-38480}\n- comedi: Fix some signed shift left operations\n- comedi: das6402: Fix bit shift out of bounds {CVE-2025-38482}\n- comedi: das16m1: Fix bit shift out of bounds {CVE-2025-38483}\n- comedi: aio_iiro_16: Fix bit shift out of bounds {CVE-2025-38529}\n- comedi: pcl812: Fix bit shift out of bounds {CVE-2025-38530}\n- iio: adc: stm32-adc: Fix race in installing chained IRQ handler\n- iio: adc: max1363: Reorder mode_list[] entries\n- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[]\n- soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled {CVE-2025-38487}\n- soc: aspeed: lpc-snoop: Cleanup resources in stack-order\n- mmc: sdhci_am654: Workaround for Errata i2312\n- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models\n- mmc: bcm2835: Fix dma_unmap_sg() nents value\n- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id()\n- isofs: Verify inode mode when loading from disk\n- dmaengine: nbpfaxi: Fix memory corruption in probe() {CVE-2025-38538}\n- af_packet: fix soft lockup issue caused by tpacket_snd()\n- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd()\n- phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept()\n- HID: core: do not bypass hid_hw_raw_request {CVE-2025-38494}\n- HID: core: ensure __hid_request reserves the report ID as the first byte\n- HID: core: ensure the allocated report buffer can contain the reserved report ID {CVE-2025-38495}\n- pch_uart: Fix dma_sync_sg_for_device() nents value\n- Input: xpad - set correct controller type for Acer NGR200\n- i2c: stm32: fix the device used for the DMA map\n- 
usb: gadget: configfs: Fix OOB read on empty string write {CVE-2025-38497}\n- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI\n- USB: serial: option: add Foxconn T99W640\n- USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition\n- LTS tag: v5.4.296\n- x86/mm: Disable hugetlb page table sharing on 32-bit\n- Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID\n- HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras {CVE-2025-38540}\n- HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY\n- vt: add missing notification when switching back to text mode\n- net: usb: qmi_wwan: add SIMCom 8230C composition\n- atm: idt77252: Add missing `dma_map_error()`\n- bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT {CVE-2025-38439}\n- bnxt_en: Fix DCB ETS validation\n- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level\n- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx\n- net: appletalk: Fix device refcount leak in atrtr_create() {CVE-2025-38542}\n- md/raid1: Fix stack memory use after return in raid1_reshape {CVE-2025-38445}\n- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() {CVE-2025-38513}\n- dma-buf: fix timeout handling in dma_resv_wait_timeout v2\n- Input: xpad - support Acer NGR 200 Controller\n- Input: xpad - add VID for Turtle Beach controllers\n- Input: xpad - add support for Amazon Game Controller\n- NFSv4/flexfiles: Fix handling of NFS level errors in I/O\n- flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes\n- RDMA/mlx5: Fix vport loopback for MPV device\n- netlink: Fix rmem check in netlink_broadcast_deliver().\n- netlink: make sure we allow at least one dump skb\n- Revert \"ACPI: battery: negate current when discharging\"\n- usb: gadget: u_serial: Fix race condition in TTY wakeup {CVE-2025-38448}\n- drm/sched: Increment job count before swapping tail spsc queue {CVE-2025-38515}\n- pinctrl: qcom: msm: mark certain pins 
as invalid for interrupts {CVE-2025-38516}\n- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel\n- x86/mce: Don't remove sysfs if thresholding sysfs init fails\n- x86/mce/amd: Fix threshold limit reset\n- rxrpc: Fix oops due to non-existence of prealloc backlog struct {CVE-2025-38514}\n- net/sched: Abort __tc_modify_qdisc if parent class does not exist {CVE-2025-38457}\n- atm: clip: Fix NULL pointer dereference in vcc_sendmsg() {CVE-2025-38458}\n- atm: clip: Fix infinite recursive call of clip_push(). {CVE-2025-38459}\n- atm: clip: Fix memory leak of struct clip_vcc. {CVE-2025-38546}\n- atm: clip: Fix potential null-ptr-deref in to_atmarpd(). {CVE-2025-38460}\n- tipc: Fix use-after-free in tipc_conn_close(). {CVE-2025-38464}\n- netlink: Fix wraparounds of sk->sk_rmem_alloc. {CVE-2025-38465}\n- fix proc_sys_compare() handling of in-lookup dentries\n- proc: Clear the pieces of proc_inode that proc_evict_inode cares about\n- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling {CVE-2025-38467}\n- staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher()\n- media: uvcvideo: Rollback non processed entities on error\n- media: uvcvideo: Send control events for partial succeeds\n- media: uvcvideo: Return the number of processed controls\n- ACPI: PAD: fix crash in exit_round_robin() {CVE-2024-49935}\n- usb: typec: displayport: Fix potential deadlock {CVE-2025-38404}\n- Logitech C-270 even more broken\n- rose: fix dangling neighbour pointers in rose_rt_device_down() {CVE-2025-38377}\n- net: rose: Fix fall-through warnings for Clang\n- drm/i915/gt: Fix timeline left held on VMA alloc error {CVE-2025-38389}\n- drm/i915/selftests: Change mock_request() to return error pointers\n- spi: spi-fsl-dspi: Clear completion counter before initiating transfer\n- spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path\n- spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write\n- dpaa2-eth: fix xdp_rxq_info leak\n- 
ethernet: atl1: Add missing DMA mapping error checks and count errors\n- btrfs: use btrfs_record_snapshot_destroy() during rmdir\n- btrfs: propagate last_unlink_trans earlier when doing a rmdir\n- RDMA/mlx5: Fix CC counters query for MPV\n- RDMA/core: Create and destroy counters in the ib_core\n- scsi: ufs: core: Fix spelling of a sysfs attribute name\n- drm/v3d: Disable interrupts before resetting the GPU {CVE-2025-38371}\n- mtk-sd: reset host->mrq on prepare_data() error\n- mtk-sd: Prevent memory corruption from DMA map failure {CVE-2025-38401}\n- mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data()\n- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods {CVE-2025-38395}\n- regulator: gpio: Add input_supply support in gpio_regulator_config\n- ACPICA: Refuse to evaluate a method if arguments are missing {CVE-2025-38386}\n- wifi: ath6kl: remove WARN on bad firmware input {CVE-2025-38406}\n- wifi: mac80211: drop invalid source address OCB frames\n- powerpc: Fix struct termio related ioctl macros\n- ata: pata_cs5536: fix build on 32-bit UML\n- ALSA: sb: Force to disable DMAs once when DMA mode is changed\n- nui: Fix dma_mapping_error() check\n- enic: fix incorrect MTU comparison in enic_change_mtu()\n- amd-xgbe: align CL37 AN sequence as per databook\n- lib: test_objagg: Set error message in check_expect_hints_stats()\n- drm/exynos: fimd: Guard display clock control with runtime PM calls\n- btrfs: fix missing error handling when searching for inode refs during log replay\n- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu()\n- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. 
{CVE-2025-38400}\n- RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert {CVE-2025-38387}\n- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment\n- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data\n- usb: typec: altmodes/displayport: do not index invalid pin_assignments {CVE-2025-38391}\n- mmc: sdhci: Add a helper function for dump register in dynamic debug mode\n- vsock/vmci: Clear the vmci transport packet properly when initializing it {CVE-2025-38403}\n- btrfs: don't abort filesystem when attempting to snapshot deleted subvolume {CVE-2024-26644}\n- arm64: Restrict pagetable teardown to avoid false warning\n- s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS\n- drm/bridge: cdns-dsi: Check return value when getting default PHY config\n- drm/bridge: cdns-dsi: Fix connecting to next bridge\n- drm/bridge: cdns-dsi: Fix the clock variable for mode_valid()\n- drm/tegra: Assign plane type before registration\n- HID: wacom: fix kobject reference count leak\n- HID: wacom: fix memory leak on sysfs attribute creation failure\n- HID: wacom: fix memory leak on kobject creation failure\n- dm-raid: fix variable in journal device check\n- Bluetooth: L2CAP: Fix L2CAP MTU negotiation\n- atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). 
{CVE-2025-38245}\n- net: enetc: Correct endianness handling in _enetc_rd_reg64\n- um: ubd: Add missing error check in start_io_thread()\n- vsock/uapi: fix linux/vm_sockets.h userspace compilation errors\n- wifi: mac80211: fix beacon interval calculation overflow\n- attach_recursive_mnt(): do not lock the covering tree when sliding something under it\n- ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() {CVE-2025-38249}\n- i2c: robotfuzz-osif: disable zero-length read messages\n- i2c: tiny-usb: disable zero-length read messages\n- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction {CVE-2025-38211}\n- RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private\n- media: vivid: Change the siize of the composing {CVE-2025-38226}\n- media: omap3isp: use sgtable-based scatterlist wrappers\n- media: cxusb: no longer judge rbuf when the write fails {CVE-2025-38229}\n- media: cxusb: use dev_dbg() rather than hand-rolled debug\n- jfs: validate AG parameters in dbMount() to prevent crashes {CVE-2025-38230}\n- fs/jfs: consolidate sanity checking in dbMount\n- ASoC: meson: meson-card-utils: use of_property_present() for DT parsing\n- of: Add of_property_present() helper\n- of: property: define of_property_read_u{8,16,32,64}_array() unconditionally\n- kbuild: hdrcheck: fix cross build with clang\n- kbuild: add --target to correctly cross-compile UAPI headers with Clang\n- bpfilter: match bit size of bpfilter_umh to that of the kernel\n- kbuild: use -MMD instead of -MD to exclude system headers from dependency\n- VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify {CVE-2025-38102}\n- VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF {CVE-2023-53259}\n- ovl: Check for NULL d_inode() in ovl_dentry_upper()\n- ceph: fix possible integer overflow in ceph_zero_objects()\n- ALSA: hda: Ignore unsol events for cards being shut down\n- usb: typec: displayport: Receive DP Status 
Update NAK request exit dp altmode {CVE-2025-38404}\n- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s\n- usb: Add checks for snprintf() calls in usb_alloc_dev()\n- tty: serial: uartlite: register uart driver in init {CVE-2025-38262}\n- usb: potential integer overflow in usbg_make_tpg()\n- iio: pressure: zpa2326: Use aligned_s64 for the timestamp\n- md/md-bitmap: fix dm-raid max_write_behind setting\n- dmaengine: xilinx_dma: Set dma_device directions\n- mfd: max14577: Fix wakeup source leaks on device unbind\n- mailbox: Not protect module_put with spin_lock_irqsave\n- cifs: Fix cifs_query_path_info() for Windows NT servers\n- net/rds: Fix rs_recv_pending counting issue\n- LTS tag: v5.4.301\n- net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg\n- media: s5p-mfc: remove an unused/uninitialized variable\n- NFSD: Fix last write offset handling in layoutcommit\n- NFSD: Minor cleanup in layoutcommit processing\n- padata: Reset next CPU when reorder sequence wraps around\n- KEYS: trusted_tpm1: Compare HMAC values in constant time\n- NFSD: Define a proc_layoutcommit for the FlexFiles layout type\n- vfs: Don't leak disconnected dentries on umount\n- jbd2: ensure that all ongoing I/O complete before freeing blocks\n- ext4: detect invalid INLINE_DATA + EXTENTS flag combination\n- drm/amdgpu: use atomic functions with memory barriers for vm fault info\n- ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()\n- spi: cadence-quadspi: Flush posted register writes before DAC access\n- spi: cadence-quadspi: Flush posted register writes before INDAC access\n- memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe\n- memory: samsung: exynos-srom: Correct alignment\n- arm64: errata: Apply workarounds for Neoverse-V3AE\n- arm64: cputype: Add Neoverse-V3AE definitions\n- comedi: fix divide-by-zero in comedi_buf_munge()\n- binder: remove \"invalid inc weak\" check\n- xhci: dbc: enable back DbC in resume if it was enabled before 
suspend\n- usb/core/quirks: Add Huawei ME906S to wakeup quirk\n- USB: serial: option: add Telit FN920C04 ECM compositions\n- USB: serial: option: add Quectel RG255C\n- USB: serial: option: add UNISOC UIS7720\n- net: ravb: Ensure memory write completes before ringing TX doorbell\n- net: usb: rtl8150: Fix frame padding\n- ocfs2: clear extent cache after moving/defragmenting extents\n- MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering\n- Revert \"cpuidle: menu: Avoid discarding useful information\"\n- net: bonding: fix possible peer notify event loss or dup issue\n- sctp: avoid NULL dereference when chunk data buffer is missing\n- arm64, mm: avoid always making PTE dirty in pte_mkwrite()\n- net: enetc: correct the value of ENETC_RXB_TRUESIZE\n- rtnetlink: Allow deleting FDB entries in user namespace\n- net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del\n- net: add ndo_fdb_del_bulk\n- net: rtnetlink: add bulk delete support flag\n- net: netlink: add NLM_F_BULK delete request modifier\n- net: rtnetlink: use BIT for flag values\n- net: rtnetlink: add helper to extract msg type's kind\n- net: rtnetlink: add msg kind names\n- net: rtnetlink: remove redundant assignment to variable err\n- m68k: bitops: Fix find_*_bit() signatures\n- hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super()\n- hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()\n- dlm: check for defined force value in dlm_lockspace_release\n- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()\n- hfs: validate record offset in hfsplus_bmap_alloc\n- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()\n- hfs: make proper initalization of struct hfs_find_data\n- hfs: clear offset and space out of valid records in b-tree node\n- exec: Fix incorrect type for ret\n- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()\n- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings\n- sched/fair: Fix pelt lost idle 
time detection\n- sched/balancing: Rename newidle_balance() => sched_balance_newidle()\n- sched/fair: Trivial correction of the newidle_balance() comment\n- sched: Make newidle_balance() static again\n- tls: don't rely on tx_work during send()\n- tls: always set record_type in tls_process_cmsg\n- tg3: prevent use of uninitialized remote_adv and local_adv variables\n- tcp: fix tcp_tso_should_defer() vs large RTT\n- amd-xgbe: Avoid spurious link down messages during interface toggle\n- net/ip6_tunnel: Prevent perpetual tunnel growth\n- net: dlink: handle dma_map_single() failure properly\n- net: dl2k: switch from 'pci_' to 'dma_' API\n- media: pci: ivtv: Add missing check after DMA map\n- media: pci/ivtv: switch from 'pci_' to 'dma_' API\n- xen/events: Update virq_to_irq on migration\n- media: lirc: Fix error handling in lirc_register()\n- media: rc: Directly use ida_free()\n- drm/exynos: exynos7_drm_decon: remove ctx->suspended\n- btrfs: avoid potential out-of-bounds in btrfs_encode_fh()\n- pwm: berlin: Fix wrong register in suspend/resume\n- media: cx18: Add missing check after DMA map\n- xen/events: Cleanup find_virq() return codes\n- cramfs: Verify inode mode when loading from disk\n- fs: Add 'initramfs_options' to set initramfs mount options\n- pid: Add a judgment for ns null in pid_nr_ns\n- minixfs: Verify inode mode when loading from disk\n- tracing: Fix race condition in kprobe initialization causing NULL pointer dereference\n- dm: fix NULL pointer dereference in __dm_suspend()\n- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag\n- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type\n- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value\n- Squashfs: reject negative file sizes in squashfs_read_inode()\n- Squashfs: add additional inode sanity checking\n- media: mc: Clear minor number before put device\n- mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data()\n- fs: udf: fix OOB read 
in lengthAllocDescs handling\n- KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O\n- net/9p: fix double req put in p9_fd_cancelled\n- ext4: guard against EA inode refcount underflow in xattr update\n- ext4: correctly handle queries for metadata mappings\n- ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch()\n- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry\n- x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases)\n- x86/umip: Check that the instruction opcode is at least two bytes\n- PCI: keystone: Use devm_request_irq() to free \"ks-pcie-error-irq\" on exit\n- PCI/AER: Fix missing uevent on recovery when a reset is requested\n- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV\n- rseq/selftests: Use weak symbol reference, not definition, to link with glibc\n- rtc: interface: Fix long-standing race when setting alarm\n- rtc: interface: Ensure alarm irq is enabled when UIE is enabled\n- mmc: core: SPI mode remove cmd7\n- mtd: rawnand: fsmc: Default to autodetect buswidth\n- sparc: fix error handling in scan_one_device()\n- sparc64: fix hugetlb for sun4u\n- sctp: Fix MAC comparison to be constant-time\n- scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl()\n- parisc: don't reference obsolete termio struct for TC* constants\n- lib/genalloc: fix device leak in of_gen_pool_get()\n- iio: frequency: adf4350: Fix prescaler usage.\n- iio: dac: ad5421: use int type to store negative error codes\n- iio: dac: ad5360: use int type to store negative error codes\n- crypto: atmel - Fix dma_unmap_sg() direction\n- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()\n- drm/nouveau: fix bad ret code in nouveau_bo_move_prep\n- media: i2c: mt9v111: fix incorrect type for ret\n- firmware: meson_sm: fix device leak at probe\n- xen/manage: Fix suspend error path\n- arm64: dts: qcom: msm8916: Add missing MDSS reset\n- ACPI: debug: fix signedness issues in 
read/write helpers\n- ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT\n- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single\n- tpm, tpm_tis: Claim locality before writing interrupt registers\n- crypto: essiv - Check ssize for decryption and in-place encryption\n- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes\n- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call\n- tools build: Align warning options with perf\n- net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe\n- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request().\n- net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()\n- drm/vmwgfx: Fix Use-after-free in validation\n- net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter()\n- scsi: mvsas: Fix use-after-free bugs in mvs_work_queue\n- scsi: mvsas: Use sas_task_find_rq() for tagging\n- scsi: mvsas: Delete mvs_tag_init()\n- scsi: libsas: Add sas_task_find_rq()\n- clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver\n- clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate()\n- perf session: Fix handling when buffer exceeds 2 GiB\n- rtc: x1205: Fix Xicor X1205 vendor prefix\n- perf util: Fix compression checks returning -1 as bool\n- iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE\n- clocksource/drivers/clps711x: Fix resource leaks in error paths\n- pinctrl: check the return value of pinmux_ops::get_function_name()\n- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak\n- mm: hugetlb: avoid soft lockup when mprotect to large memory area\n- uio_hv_generic: Let userspace take care of interrupt mask\n- Squashfs: fix uninit-value in squashfs_get_parent\n- net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable\n- nfp: fix RSS hash key size when RSS is not supported\n- drivers/base/node: fix double free in register_one_node()\n- ocfs2: fix double free in 
user_cluster_connect()\n- net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast\n- RDMA/siw: Always report immediate post SQ errors\n- usb: vhci-hcd: Prevent suspending virtually attached devices\n- scsi: mpt3sas: Fix crash in transport port remove by using ioc_info()\n- ipvs: Defer ip_vs_ftp unregister during netns cleanup\n- NFSv4.1: fix backchannel max_resp_sz verification check\n- remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice\n- sparc: fix accurate exception reporting in copy_{from,to}_user for M7\n- sparc: fix accurate exception reporting in copy_to_user for Niagara 4\n- sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara\n- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III\n- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC\n- IB/sa: Fix sa_local_svc_timeout_ms read race\n- RDMA/core: Resolve MAC of next-hop device without ARP support\n- wifi: mt76: fix potential memory leak in mt76_wmac_probe()\n- drivers/base/node: handle error properly in register_one_node()\n- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog\n- netfilter: ipset: Remove unused htable_bits in macro ahash_region\n- iio: consumers: Fix offset handling in iio_convert_raw_to_processed()\n- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping\n- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping\n- ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping\n- pps: fix warning in pps_register_cdev when register device fail\n- misc: genwqe: Fix incorrect cmd field being reported in error\n- usb: gadget: configfs: Correctly set use_os_string at bind\n- usb: phy: twl6030: Fix incorrect type for ret\n- tcp: fix __tcp_close() to only send RST when required\n- PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation\n- wifi: mwifiex: send world regulatory domain to driver\n- ALSA: lx_core: use int type to store negative error codes\n- 
media: rj54n1cb0c: Fix memleak in rj54n1_probe()\n- scsi: myrs: Fix dma_alloc_coherent() error check\n- scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod\n- serial: max310x: Add error checking in probe()\n- usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup\n- drm/radeon/r600_cs: clean up of dead code in r600_cs\n- i2c: designware: Add disabling clocks when probe fails\n- i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD\n- bpf: Explicitly check accesses to bpf_sock_addr\n- selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported\n- pwm: tiehrpwm: Fix corner case in clock divisor calculation\n- block: use int to store blk_stack_limits() return value\n- blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx\n- pinctrl: meson-gxl: add missing i2c_d pinmux\n- soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS\n- ACPI: processor: idle: Fix memory leak when register cpuidle device failed\n- regmap: Remove superfluous check for !config in __regmap_init()\n- x86/vdso: Fix output operand size of RDPID\n- perf: arm_spe: Prevent overflow in PERF_IDX2OFF()\n- driver core/PM: Set power.no_callbacks along with power.no_pm\n- staging: axis-fifo: flush RX FIFO on read errors\n- staging: axis-fifo: fix maximum TX packet length check\n- perf subcmd: avoid crash in exclude_cmds when excludes is empty\n- dm-integrity: limit MAX_TAG_SIZE to 255\n- wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188\n- USB: serial: option: add SIMCom 8230C compositions\n- media: rc: fix races with imon_disconnect()\n- media: imon: grab lock earlier in imon_ir_change_protocol()\n- media: imon: reorganize serialization\n- media: rc: Add support for another iMON 0xffdc device\n- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe\n- media: tuner: xc5000: Fix use-after-free in xc5000_release\n- media: tunner: xc5000: Refactor firmware load\n- udp: Fix memory accounting leak.\n- media: 
b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove\n- scsi: target: target_core_configfs: Add length check to avoid buffer overflow\n- LTS tag: v5.4.300\n- KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active\n- mm/hugetlb: fix folio is still mapped when deleted\n- i40e: add mask to apply valid bits for itr_idx\n- i40e: fix validation of VF state in get resources\n- i40e: fix idx validation in config queues msg\n- i40e: add validation for ring_len param\n- i40e: increase max descriptors for XL710\n- mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()\n- fbcon: Fix OOB access in font allocation\n- fbcon: fix integer overflow in fbcon_do_set_font\n- i40e: add max boundary check for VF filters\n- i40e: fix input validation logic for action_meta\n- i40e: fix idx validation in i40e_validate_queue_map\n- drm/gma500: Fix null dereference in hdmi teardown\n- can: peak_usb: fix shift-out-of-bounds issue\n- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow\n- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow\n- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow\n- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI\n- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions\n- usb: core: Add 0x prefix to quirks debug output\n- ALSA: usb-audio: Fix build with CONFIG_INPUT=n\n- ALSA: usb-audio: Convert comma to semicolon\n- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5\n- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks\n- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks\n- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks\n- ALSA: usb-audio: Fix block comments in mixer_quirks\n- net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer\n- net: rfkill: gpio: add DT support\n- serial: sc16is7xx: fix bug in flow control levels init\n- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels\n- usb: 
gadget: dummy_hcd: remove usage of list iterator past the loop body\n- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message\n- ASoC: wm8974: Correct PLL rate rounding\n- ASoC: wm8940: Correct typo in control name\n- mmc: mvsdio: Fix dma_unmap_sg() nents value\n- nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/*\n- cnic: Fix use-after-free bugs in cnic_delete_task\n- net: liquidio: fix overflow in octeon_init_instr_queue()\n- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().\n- i40e: remove redundant memory barrier when cleaning Tx descs\n- net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure\n- cgroup: split cgroup_destroy_wq into 3 workqueues\n- pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch\n- wifi: mac80211: fix incorrect type for ret\n- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported\n- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory\n- phy: ti-pipe3: fix device leak at unbind\n- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees\n- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map\n- can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails\n- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed\n- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path\n- i40e: Use irq_update_affinity_hint()\n- genirq: Provide new interfaces for affinity hints\n- genirq: Export affinity setter for modules\n- genirq/affinity: Add irq_update_affinity_desc()\n- igb: fix link test skipping when interface is admin down\n- net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()\n- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions\n- USB: serial: option: add Telit Cinterion FN990A w/audio compositions\n- tty: hvc_console: Call hvc_kick in hvc_write unconditionally\n- mtd: nand: 
raw: atmel: Respect tAR, tCLR in read setup timing\n- mtd: nand: raw: atmel: Fix comment in timings preparation\n- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer\n- mm/khugepaged: fix the address passed to notifier on testing young\n- fuse: prevent overflow in copy_file_range return value\n- fuse: check if copy_file_range() returns larger than requested size\n- mtd: rawnand: stm32_fmc2: fix ECC overwrite\n- ocfs2: fix recursive semaphore deadlock in fiemap call\n- EDAC/altera: Delete an inappropriate dma_free_coherent() call\n- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork.\n- net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.\n- device-dax: correct pgoff align in dax_set_mapping() {CVE-2024-50022}\n- Revert \"net/mlx5e: Update and set Xon/Xoff upon MTU set\"\n- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer\n- rds: Free all frags when rds_ib_recv_cache_put() fails\n- bpf/bpf_get,set_sockopt: add option to set TCP-BPF sock ops flags\n- NFSv4: Don't clear capabilities that won't be reset\n- power: supply: bq27xxx: restrict no-battery detection to bq27000\n- power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery\n- usb: hub: Fix flushing of delayed work used for post resume purposes\n- soc: qcom: mdt_loader: Deal with zero e_shentsize\n- Revert \"net/mlx5e: Update and set Xon/Xoff upon port speed set\"\n- LTS tag: v5.4.299\n- scsi: lpfc: Fix buffer free/clear order in deferred receive path\n- dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status()\n- cifs: fix integer overflow in match_server()\n- spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort\n- spi: spi-fsl-lpspi: Set correct chip-select polarity bit\n- spi: spi-fsl-lpspi: Fix transmissions when using CONT\n- pcmcia: Add error handling for add_interval() in do_validate_mem()\n- ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model\n- randstruct: 
gcc-plugin: Fix attribute addition\n- randstruct: gcc-plugin: Remove bogus void member\n- vmxnet3: update MTU after device quiesce\n- net: dsa: microchip: linearize skb for tail-tagging switches\n- net: dsa: microchip: update tag_ksz masks for KSZ9477 family\n- dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status()\n- ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup\n- gpio: pca953x: fix IRQ storm on system wake up\n- iio: light: opt3001: fix deadlock due to concurrent flag access\n- iio: chemical: pms7003: use aligned_s64 for timestamp\n- cpufreq/sched: Explicitly synchronize limits_changed flag handling\n- mm/slub: avoid accessing metadata when pointer is invalid in object_err()\n- mm/khugepaged: fix ->anon_vma race\n- e1000e: fix heap overflow in e1000_set_eeprom\n- batman-adv: fix OOB read/write in network-coding decode\n- drm/amdgpu: drop hw access in non-DC audio fini\n- wifi: mwifiex: Initialize the chan_stats array to zero\n- pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region()\n- ALSA: usb-audio: Add mute TLV for playback volumes on some devices\n- ppp: fix memory leak in pad_compress_skb\n- net: atm: fix memory leak in atm_register_sysfs when device_register fail\n- ax25: properly unshare skbs in ax25_kiss_rcv()\n- ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init()\n- net: thunder_bgx: add a missing of_node_put\n- wifi: libertas: cap SSID len in lbs_associate()\n- wifi: cw1200: cap SSID length in cw1200_do_join()\n- net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets\n- i40e: Fix potential invalid access when MAC list is empty\n- icmp: fix icmp_ndo_send address translation for reply direction\n- mISDN: Fix memory leak in dsp_hwec_enable()\n- xirc2ps_cs: fix register access when enabling FullDuplex\n- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()\n- netfilter: conntrack: helper: Replace -EEXIST by -EBUSY\n- wifi: cfg80211: fix use-after-free in cmp_bss()\n- powerpc: 
boot: Remove leading zero in label in udelay()\n- hugetlbfs: take read_lock on i_mmap for PMD sharing\n- kallsyms: add module_kallsyms_on_each_symbol_locked\n- kallsyms: export module_kallsyms_on_each_symbol\n- uek-rpm: Move ifb module to nano modules\n- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns {CVE-2025-38499}\n- x86/vmscape: Warn when STIBP is disabled with SMT\n- x86/bugs: Move cpu_bugs_smt_update() down\n- x86/vmscape: Enable the mitigation\n- x86/vmscape: Add conditional IBPB mitigation\n- x86/vmscape: Add old Intel CPUs to affected list\n- x86/vmscape: Enumerate VMSCAPE bug\n- Documentation/hw-vuln: Add VMSCAPE documentation\n- LTS tag: v5.4.298\n- Revert \"drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS\"\n- net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions\n- Revert \"drm/amdgpu: fix incorrect vm flags to map bo\"\n- HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version()\n- HID: wacom: Add a new Art Pen 2\n- HID: asus: fix UAF via HID_CLAIMED_INPUT validation\n- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare\n- sctp: initialize more fields in sctp_v6_from_sk()\n- net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts\n- net/mlx5e: Set local Xoff after FW update\n- net/mlx5e: Update and set Xon/Xoff upon port speed set\n- net/mlx5e: Update and set Xon/Xoff upon MTU set\n- net: dlink: fix multicast stats being counted incorrectly\n- atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control().\n- net/atm: remove the atmdev_ops {get, set}sockopt methods\n- Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced\n- powerpc/kvm: Fix ifdef to remove build warning\n- net: ipv4: fix regression in local-broadcast routes\n- vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put()\n- scsi: core: sysfs: Correct sysfs attributes access rights\n- ftrace: Fix potential warning in trace_printk_seq during ftrace_dump\n- pinctrl: STMFX: 
add missing HAS_IOMEM dependency\n- LTS tag: v5.4.297\n- alloc_fdtable(): change calling conventions.\n- s390/hypfs: Enable limited access during lockdown\n- s390/hypfs: Avoid unnecessary ioctl registration in debugfs\n- ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation\n- net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate\n- net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit\n- ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc\n- ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add\n- ALSA: usb-audio: Fix size validation in convert_chmap_v3()\n- scsi: qla4xxx: Prevent a potential error pointer dereference\n- usb: xhci: Fix slot_id resource race conflict\n- nfs: fix UAF in direct writes\n- NFS: Fix up commit deadlocks\n- cifs: Fix UAF in cifs_demultiplex_thread()\n- Bluetooth: fix use-after-free in device_for_each_child()\n- act_mirred: use the backlog for nested calls to mirred ingress\n- net/sched: act_mirred: better wording on protection against excessive stack growth\n- net/sched: act_mirred: refactor the handle of xmit\n- selftests: forwarding: tc_actions.sh: add matchall mirror test\n- net: sched: don't expose action qstats to skb_tc_reinsert()\n- net: sched: extract qstats update code into functions\n- net: sched: extract bstats update code into function\n- net: sched: extract common action counters update code into function\n- mm: perform the mapping_map_writable() check after call_mmap()\n- mm: update memfd seal write check to include F_SEAL_WRITE\n- mm: drop the assumption that VM_SHARED always implies writable\n- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()\n- sch_qfq: make qfq_qlen_notify() idempotent\n- sch_hfsc: make hfsc_qlen_notify() idempotent\n- sch_drr: make drr_qlen_notify() idempotent\n- btrfs: populate otime when logging an inode item\n- media: venus: hfi: explicitly release IRQ during teardown\n- f2fs: fix to avoid 
out-of-boundary access in dnode page\n- media: venus: protect against spurious interrupts during probe\n- media: qcom: camss: cleanup media device allocated resource on error path\n- media: venus: vdec: Clamp param smaller than 1fps and bigger than 240.\n- drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS\n- pwm: mediatek: Fix duty and period setting\n- pwm: mediatek: Handle hardware enable and clock enable separately\n- pwm: mediatek: Implement .apply() callback\n- media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()\n- media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free()\n- media: v4l2-ctrls: always copy the controls on completion\n- ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig\n- soc: qcom: mdt_loader: Ensure we don't read past the ELF header\n- rtc: ds1307: handle oscillator stop flag (OSF) for ds1341\n- usb: musb: omap2430: fix device leak at unbind\n- NFS: Fix the setting of capabilities when automounting a new filesystem\n- NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode()\n- NFSv4: Fix nfs4_bitmap_copy_adjust()\n- usb: typec: fusb302: cache PD RX state\n- cdc-acm: fix race between initial clearing halt and open\n- USB: cdc-acm: do not log successful probe on later errors\n- mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock\n- mm/kmemleak: turn kmemleak_lock and object->lock to raw_spinlock_t\n- ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx()\n- x86/fpu: Delay instruction pointer fixup until after warning\n- mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery\n- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()\n- pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov\n- tracing: Add down_write(trace_event_sem) when adding trace event\n- usb: hub: Don't try to recover devices lost during warm reset.\n- usb: hub: avoid warm port reset during USB3 disconnect\n- x86/mce/amd: Add default 
names for MCA banks and blocks\n- iio: hid-sensor-prox: Fix incorrect OFFSET calculation\n- f2fs: fix to do sanity check on ino and xnid\n- mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n\n- mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage()\n- drm/sched: Remove optimization that causes hang when killing dependent jobs\n- ice: Fix a null pointer dereference in ice_copy_and_init_pkg()\n- net: usbnet: Fix the wrong netif_carrier_on() call\n- net: usbnet: Avoid potential RCU stall on LINK_CHANGE event\n- PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports\n- ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value\n- comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large\n- comedi: Fix initialization of data for instructions that write to subdevice\n- kbuild: Add KBUILD_CPPFLAGS to as-option invocation\n- kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS\n- kbuild: Add CLANG_FLAGS to as-instr\n- mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation\n- kbuild: Update assembler calls to use proper flags and language target\n- ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS\n- usb: dwc3: Ignore late xferNotReady event to prevent halt timeout\n- USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles\n- usb: storage: realtek_cr: Use correct byte order for bcs->Residue\n- USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera\n- usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive\n- iio: proximity: isl29501: fix buffered read on big-endian systems\n- ftrace: Also allocate and copy hash for reading of filter files\n- fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable()\n- use uniform permission checks for all mount propagation changes\n- move_mount: allow to add a mount into an existing group\n- fs/buffer: fix use-after-free when call bh_read() helper\n- drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs\n- 
drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3\n- memstick: Fix deadlock by moving removing flag earlier\n- media: venus: Add a check for packet size after reading from shared memory\n- media: ov2659: Fix memory leaks in ov2659_probe()\n- media: usbtv: Lock resolution while streaming\n- media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init()\n- media: gspca: Add bounds checking to firmware parser\n- soc/tegra: pmc: Ensure power-domains are in a known state\n- jbd2: prevent softlockup in jbd2_log_do_checkpoint()\n- PCI: endpoint: Fix configfs group removal on driver teardown\n- PCI: endpoint: Fix configfs group list head handling\n- mtd: rawnand: fsmc: Add missing check after DMA map\n- pwm: imx-tpm: Reset counter if CMOD is 0\n- wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table()\n- zynq_fpga: use sgtable-based scatterlist wrappers\n- ata: libata-scsi: Fix ata_to_sense_error() status handling\n- ext4: fix reserved gdt blocks handling in fsmap\n- ext4: fix fsmap end of range reporting with bigalloc\n- ext4: check fast symlink for ea_inode correctly\n- vt: defkeymap: Map keycodes above 127 to K_HOLE\n- vt: keyboard: Don't process Unicode characters in K_OFF mode\n- usb: dwc3: meson-g12a: fix device leaks at unbind\n- usb: gadget: udc: renesas_usb3: fix device leak at unbind\n- usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init()\n- m68k: Fix lost column on framebuffer debug console\n- cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table()\n- serial: 8250: fix panic due to PSLVERR\n- media: uvcvideo: Do not mark valid metadata as invalid\n- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()\n- mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup()\n- parisc: Makefile: fix a typo in palo.conf\n- btrfs: fix log tree replay failure due to file with 0 links and extents\n- thunderbolt: Fix copy+paste error in match_service_id()\n- comedi: fix 
race between polling and detaching\n- misc: rtsx: usb: Ensure mmc child device is active when card is present\n- drm/amdgpu: fix incorrect vm flags to map bo\n- scsi: lpfc: Remove redundant assignment to avoid memory leak\n- rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe\n- pNFS: Fix uninited ptr deref in block/scsi layout\n- pNFS: Handle RPC size limit for layoutcommits\n- pNFS: Fix disk addr range check in block/scsi layout\n- pNFS: Fix stripe mapping in block/scsi layout\n- net: phy: smsc: add proper reset flags for LAN8710A\n- ipmi: Fix strcpy source and destination the same\n- kconfig: lxdialog: fix 'space' to (de)select options\n- kconfig: gconf: fix potential memory leak in renderer_edited()\n- kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed()\n- ipmi: Use dev_warn_ratelimited() for incorrect message warnings\n- scsi: aacraid: Stop using PCI_IRQ_AFFINITY\n- scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans\n- kconfig: nconf: Ensure null termination where strncpy is used\n- kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c\n- i3c: don't fail if GETHDRCAP is unsupported\n- PCI: pnv_php: Work around switches with broken presence detection\n- i3c: add missing include to internal header\n- media: uvcvideo: Fix bandwidth issue for Alcor camera\n- media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar\n- media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()\n- media: usb: hdpvr: disable zero-length read messages\n- media: tc358743: Increase FIFO trigger level to 374\n- media: tc358743: Return an appropriate colorspace from tc358743_set_fmt\n- media: tc358743: Check I2C succeeded during probe\n- pinctrl: stm32: Manage irq affinity settings\n- scsi: mpt3sas: Correctly handle ATA device errors\n- scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure\n- RDMA: hfi1: fix possible divide-by-zero in 
find_hw_thread_mask()\n- MIPS: Don't crash in stack_top() for tasks without ABI or vDSO\n- jfs: upper bound check of tree index in dbAllocAG\n- jfs: Regular file corruption check\n- jfs: truncate good inode pages when hard link is 0\n- scsi: bfa: Double-free fix\n- MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free}\n- watchdog: dw_wdt: Fix default timeout\n- fs/orangefs: use snprintf() instead of sprintf()\n- scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated\n- ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr\n- cifs: Fix calling CIFSFindFirst() for root path without msearch\n- vhost: fail early when __vhost_add_used() fails\n- net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325\n- uapi: in6: restore visibility of most IPv6 socket options\n- net: ncsi: Fix buffer overflow in fetching version id\n- net: dsa: b53: prevent SWITCH_CTRL access on BCM5325\n- net: dsa: b53: fix b53_imp_vlan_setup for BCM5325\n- net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs\n- wifi: iwlegacy: Check rate_idx range after addition\n- netmem: fix skb_frag_address_safe with unreadable skbs\n- wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`.\n- wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect\n- wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd()\n- net: fec: allow disable coalescing\n- (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer\n- s390/stp: Remove udelay from stp_sync_clock()\n- wifi: iwlwifi: mvm: fix scan request validation\n- net: thunderx: Fix format-truncation warning in bgx_acpi_match_id()\n- net: ipv4: fix incorrect MTU in broadcast routes\n- wifi: cfg80211: Fix interface type validation\n- rcu: Protect ->defer_qs_iw_pending from data race\n- net: ag71xx: Add missing check after DMA map\n- et131x: Add missing check after DMA map\n- be2net: Use correct byte order and format string for TCP seq and ack_seq\n- s390/time: Use monotonic 
clock in get_cycles()\n- wifi: cfg80211: reject HTC bit for management frames\n- ktest.pl: Prevent recursion of default variable options\n- ASoC: codecs: rt5640: Retry DEVICE_ID verification\n- ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros\n- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control\n- platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches\n- pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop()\n- usb: core: usb_submit_urb: downgrade type check\n- ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4\n- ASoC: hdac_hdmi: Rate limit logging on connection and disconnection\n- mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode()\n- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path\n- ACPI: processor: fix acpi_object initialization\n- PM: sleep: console: Fix the black screen issue\n- thermal: sysfs: Return ENODATA instead of EAGAIN for reads\n- PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit()\n- selftests: tracing: Use mutex_unlock for testing glob filter\n- ARM: tegra: Use I/O memcpy to write to IRAM\n- gpio: tps65912: check the return value of regmap_update_bits()\n- ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed\n- ARM: rockchip: fix kernel hang during smp initialization\n- cpufreq: Exit governor when failed to start old governor\n- usb: xhci: Avoid showing errors during surprise removal\n- usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command\n- usb: xhci: Avoid showing warnings for dying controller\n- selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t\n- usb: xhci: print xhci->xhc_state when queue_command failed\n- securityfs: don't pin dentries twice, once is enough...\n- hfs: fix not erasing deleted b-tree node issue\n- drbd: add missing kref_get in handle_write_conflicts\n- udf: Verify partition map count\n- arm64: Handle KCOV __init vs inline mismatches\n- hfsplus: don't use 
BUG_ON() in hfsplus_create_attributes_file()\n- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()\n- hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()\n- hfs: fix slab-out-of-bounds in hfs_bnode_read()\n- sctp: linearize cloned gso packets in sctp_rcv\n- netfilter: ctnetlink: fix refcount leak on table dump\n- udp: also consider secpath when evaluating ipsec use for checksumming\n- ACPI: processor: perflib: Move problematic pr->performance check\n- ACPI: processor: perflib: Fix initial _PPC limit application\n- Documentation: ACPI: Fix parent device references\n- fs: Prevent file descriptor table allocations exceeding INT_MAX\n- sunvdc: Balance device refcount in vdc_port_mpgroup_check\n- NFSD: detect mismatch of file handle and delegation stateid in OPEN op\n- net: dpaa: fix device leak when querying time stamp info\n- net: gianfar: fix device leak when querying time stamp info\n- netlink: avoid infinite retry looping in netlink_unicast()\n- ALSA: usb-audio: Validate UAC3 cluster segment descriptors\n- ALSA: usb-audio: Validate UAC3 power domain descriptors, too\n- io_uring: don't use int for ABI\n- usb: gadget : fix use-after-free in composite_dev_cleanup()\n- MIPS: mm: tlb-r4k: Uniquify TLB entries on init\n- USB: serial: option: add Foxconn T99W709\n- vsock: Do not allow binding to VMADDR_PORT_ANY\n- net/packet: fix a race in packet_set_ring() and packet_notifier()\n- perf/core: Prevent VMA split of buffer mappings\n- perf/core: Exit early on perf_mmap() fail\n- perf/core: Don't leak AUX buffer refcount on allocation failure\n- pptp: fix pptp_xmit() error path\n- smb: client: let recv_done() cleanup before notifying the callers.\n- benet: fix BUG when creating VFs\n- net: drop UFO packets in udp_rcv_segment()\n- ipv6: reject malicious packets in ipv6_gso_segment()\n- pptp: ensure minimal skb length in pptp_xmit()\n- netpoll: prevent hanging NAPI when netcons gets enabled\n- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()\n- 
pci/hotplug/pnv-php: Wrap warnings in macro\n- pci/hotplug/pnv-php: Improve error msg on power state change failure\n- usb: chipidea: udc: fix sleeping function called from invalid context\n- f2fs: fix to avoid out-of-boundary access in devs.path\n- f2fs: fix to avoid panic in f2fs_evict_inode\n- f2fs: fix to avoid UAF in f2fs_sync_inode_meta()\n- rtc: pcf8563: fix incorrect maximum clock rate handling\n- rtc: hym8563: fix incorrect maximum clock rate handling\n- rtc: ds1307: fix incorrect maximum clock rate handling\n- module: Restore the moduleparam prefix length check\n- bpf: Check flow_dissector ctx accesses are aligned\n- mtd: rawnand: atmel: set pmecc data setup time\n- mtd: rawnand: atmel: Fix dma_mapping_error() address\n- jfs: fix metapage reference count leak in dbAllocCtl\n- fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref\n- crypto: qat - fix seq_file position update in adf_ring_next()\n- dmaengine: nbpfaxi: Add missing check after DMA map\n- dmaengine: mv_xor: Fix missing check after DMA map and missing unmap\n- fs/orangefs: Allow 2 more characters in do_c_string()\n- soundwire: stream: restore params when prepare ports fail\n- crypto: img-hash - Fix dma_unmap_sg() nents value\n- hwrng: mtk - handle devm_pm_runtime_enable errors\n- watchdog: ziirave_wdt: check record length in ziirave_firm_verify()\n- scsi: isci: Fix dma_unmap_sg() nents value\n- scsi: mvsas: Fix dma_unmap_sg() nents value\n- scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value\n- clk: sunxi-ng: v3s: Fix de clock definition\n- perf tests bp_account: Fix leaked file descriptor\n- crypto: ccp - Fix crash when rebind ccp device for ccp.ko\n- pinctrl: sunxi: Fix memory leak on krealloc failure\n- power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set\n- clk: davinci: Add NULL check in davinci_lpsc_clk_register()\n- mtd: fix possible integer overflow in erase_xfer()\n- crypto: marvell/cesa - Fix engine load inaccuracy\n- PCI: rockchip-host: Fix \"Unexpected 
Completion\" log message\n- vrf: Drop existing dst reference in vrf_ip6_input_dst\n- selftests: rtnetlink.sh: remove esp4_offload after test\n- netfilter: xt_nfacct: don't assume acct name is null-terminated\n- can: kvaser_usb: Assign netdev.dev_port based on device channel index\n- can: kvaser_pciefd: Store device channel index\n- wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE\n- Reapply \"wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()\"\n- mwl8k: Add missing check after DMA map\n- wifi: rtl8xxxu: Fix RX skb size for aggregation disabled\n- net/sched: Restrict conditions for adding duplicating netems to qdisc tree\n- arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX\n- drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value\n- m68k: Don't unregister boot console needlessly\n- tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range\n- iwlwifi: Add missing check for alloc_ordered_workqueue\n- wifi: iwlwifi: Fix memory leak in iwl_mvm_init()\n- wifi: rtl818x: Kill URBs before clearing tx status queue\n- caif: reduce stack size, again\n- bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure\n- bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls\n- staging: nvec: Fix incorrect null termination of battery manufacturer\n- samples: mei: Fix building on musl libc\n- cpufreq: Init policy->rwsem before it may be possibly used\n- ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface\n- usb: early: xhci-dbc: Fix early_ioremap leak\n- Revert \"vmci: Prevent the dispatching of uninitialized payloads\"\n- pps: fix poll support\n- vmci: Prevent the dispatching of uninitialized payloads\n- staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc()\n- ARM: dts: vfxxx: Correctly use two tuples for timer address\n- hfsplus: remove mutex_lock check in hfsplus_free_extents\n- ASoC: Intel: fix SND_SOC_SOF dependencies\n- ethernet: intel: fix 
building with large NR_CPUS\n- usb: phy: mxs: disconnect line when USB charger is attached\n- usb: chipidea: add USB PHY event\n- usb: chipidea: introduce CI_HDRC_CONTROLLER_VBUS_EVENT glue layer use\n- usb: chipidea: udc: protect usb interrupt enable\n- usb: chipidea: udc: add new API ci_hdrc_gadget_connect\n- ALSA: hda: Add missing NVIDIA HDA codec IDs\n- comedi: comedi_test: Fix possible deletion of uninitialized timers\n- nilfs2: reject invalid file types when reading inodes\n- i2c: qup: jump out of the loop in case of timeout\n- net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class\n- net: appletalk: Fix use-after-free in AARP proxy probe\n- net: appletalk: fix kerneldoc warnings\n- RDMA/core: Rate limit GID cache warning messages\n- regulator: core: fix NULL dereference on unbind due to stale coupling data\n- usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm\n- usb: hub: fix detection of high tier USB3 devices behind suspended hubs\n- net_sched: sch_sfq: reject invalid perturb period\n- power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition\n- power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync\n- power: supply: bq24190_charger: Fix runtime PM imbalance on error\n- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS\n- virtio-net: ensure the received length does not exceed allocated size\n- ASoC: fsl_sai: Force a software reset when starting in consumer mode\n- usb: dwc3: qcom: Don't leave BCR asserted\n- usb: musb: fix gadget state on disconnect\n- net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree\n- net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime\n- Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU\n- Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout\n- Bluetooth: SMP: If an unallowed command is received consider it a failure\n- Bluetooth: Fix 
null-ptr-deref in l2cap_sock_resume_cb()\n- usb: net: sierra: check for no status endpoint\n- net/sched: sch_qfq: Fix race condition on qfq_aggregate\n- net: emaclite: Fix missing pointer increment in aligned_read()\n- comedi: Fix use of uninitialized data in insn_rw_emulate_bits()\n- comedi: Fix some signed shift left operations\n- comedi: das6402: Fix bit shift out of bounds\n- comedi: das16m1: Fix bit shift out of bounds\n- comedi: aio_iiro_16: Fix bit shift out of bounds\n- comedi: pcl812: Fix bit shift out of bounds\n- iio: adc: stm32-adc: Fix race in installing chained IRQ handler\n- iio: adc: max1363: Reorder mode_list[] entries\n- iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[]\n- soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled\n- soc: aspeed: lpc-snoop: Cleanup resources in stack-order\n- mmc: sdhci_am654: Workaround for Errata i2312\n- mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models\n- mmc: bcm2835: Fix dma_unmap_sg() nents value\n- memstick: core: Zero initialize id_reg in h_memstick_read_dev_id()\n- isofs: Verify inode mode when loading from disk\n- dmaengine: nbpfaxi: Fix memory corruption in probe()\n- af_packet: fix soft lockup issue caused by tpacket_snd()\n- af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd()\n- phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept()\n- HID: core: do not bypass hid_hw_raw_request\n- HID: core: ensure __hid_request reserves the report ID as the first byte\n- HID: core: ensure the allocated report buffer can contain the reserved report ID\n- pch_uart: Fix dma_sync_sg_for_device() nents value\n- Input: xpad - set correct controller type for Acer NGR200\n- i2c: stm32: fix the device used for the DMA map\n- usb: gadget: configfs: Fix OOB read on empty string write\n- USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI\n- USB: serial: option: add Foxconn T99W640\n- USB: serial: option: add Telit Cinterion 
FE910C04 (ECM) composition\n- LTS tag: v5.4.296\n- x86/mm: Disable hugetlb page table sharing on 32-bit\n- Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID\n- HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras\n- HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY\n- vt: add missing notification when switching back to text mode\n- net: usb: qmi_wwan: add SIMCom 8230C composition\n- atm: idt77252: Add missing `dma_map_error()`\n- bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT\n- bnxt_en: Fix DCB ETS validation\n- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level\n- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx\n- net: appletalk: Fix device refcount leak in atrtr_create()\n- md/raid1: Fix stack memory use after return in raid1_reshape\n- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()\n- dma-buf: fix timeout handling in dma_resv_wait_timeout v2\n- Input: xpad - support Acer NGR 200 Controller\n- Input: xpad - add VID for Turtle Beach controllers\n- Input: xpad - add support for Amazon Game Controller\n- NFSv4/flexfiles: Fix handling of NFS level errors in I/O\n- flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes\n- RDMA/mlx5: Fix vport loopback for MPV device\n- netlink: Fix rmem check in netlink_broadcast_deliver().\n- netlink: make sure we allow at least one dump skb\n- Revert \"ACPI: battery: negate current when discharging\"\n- usb: gadget: u_serial: Fix race condition in TTY wakeup\n- drm/sched: Increment job count before swapping tail spsc queue\n- pinctrl: qcom: msm: mark certain pins as invalid for interrupts\n- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel\n- x86/mce: Don't remove sysfs if thresholding sysfs init fails\n- x86/mce/amd: Fix threshold limit reset\n- rxrpc: Fix oops due to non-existence of prealloc backlog struct\n- net/sched: Abort __tc_modify_qdisc if parent class does not exist\n- 
atm: clip: Fix NULL pointer dereference in vcc_sendmsg()\n- atm: clip: Fix infinite recursive call of clip_push().\n- atm: clip: Fix memory leak of struct clip_vcc.\n- atm: clip: Fix potential null-ptr-deref in to_atmarpd().\n- tipc: Fix use-after-free in tipc_conn_close().\n- netlink: Fix wraparounds of sk->sk_rmem_alloc.\n- fix proc_sys_compare() handling of in-lookup dentries\n- proc: Clear the pieces of proc_inode that proc_evict_inode cares about\n- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling\n- staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher()\n- media: uvcvideo: Rollback non processed entities on error\n- media: uvcvideo: Send control events for partial succeeds\n- media: uvcvideo: Return the number of processed controls\n- ACPI: PAD: fix crash in exit_round_robin()\n- usb: typec: displayport: Fix potential deadlock\n- Logitech C-270 even more broken\n- rose: fix dangling neighbour pointers in rose_rt_device_down()\n- net: rose: Fix fall-through warnings for Clang\n- drm/i915/gt: Fix timeline left held on VMA alloc error\n- drm/i915/selftests: Change mock_request() to return error pointers\n- spi: spi-fsl-dspi: Clear completion counter before initiating transfer\n- spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path\n- spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write\n- dpaa2-eth: fix xdp_rxq_info leak\n- ethernet: atl1: Add missing DMA mapping error checks and count errors\n- btrfs: use btrfs_record_snapshot_destroy() during rmdir\n- btrfs: propagate last_unlink_trans earlier when doing a rmdir\n- RDMA/mlx5: Fix CC counters query for MPV\n- RDMA/core: Create and destroy counters in the ib_core\n- scsi: ufs: core: Fix spelling of a sysfs attribute name\n- drm/v3d: Disable interrupts before resetting the GPU\n- mtk-sd: reset host->mrq on prepare_data() error\n- mtk-sd: Prevent memory corruption from DMA map failure\n- mmc: mediatek: use data instead of mrq parameter from 
msdc_{un}prepare_data()\n- regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods\n- regulator: gpio: Add input_supply support in gpio_regulator_config\n- ACPICA: Refuse to evaluate a method if arguments are missing\n- wifi: ath6kl: remove WARN on bad firmware input\n- wifi: mac80211: drop invalid source address OCB frames\n- powerpc: Fix struct termio related ioctl macros\n- ata: pata_cs5536: fix build on 32-bit UML\n- ALSA: sb: Force to disable DMAs once when DMA mode is changed\n- nui: Fix dma_mapping_error() check\n- enic: fix incorrect MTU comparison in enic_change_mtu()\n- amd-xgbe: align CL37 AN sequence as per databook\n- lib: test_objagg: Set error message in check_expect_hints_stats()\n- drm/exynos: fimd: Guard display clock control with runtime PM calls\n- btrfs: fix missing error handling when searching for inode refs during log replay\n- scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu()\n- nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.\n- RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert\n- platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment\n- mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data\n- usb: typec: altmodes/displayport: do not index invalid pin_assignments\n- mmc: sdhci: Add a helper function for dump register in dynamic debug mode\n- vsock/vmci: Clear the vmci transport packet properly when initializing it\n- btrfs: don't abort filesystem when attempting to snapshot deleted subvolume\n- arm64: Restrict pagetable teardown to avoid false warning\n- s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS\n- drm/bridge: cdns-dsi: Check return value when getting default PHY config\n- drm/bridge: cdns-dsi: Fix connecting to next bridge\n- drm/bridge: cdns-dsi: Fix the clock variable for mode_valid()\n- drm/tegra: Assign plane type before registration\n- HID: wacom: fix kobject reference count leak\n- HID: wacom: fix memory leak on sysfs attribute creation 
failure\n- HID: wacom: fix memory leak on kobject creation failure\n- dm-raid: fix variable in journal device check\n- Bluetooth: L2CAP: Fix L2CAP MTU negotiation\n- atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().\n- net: enetc: Correct endianness handling in _enetc_rd_reg64\n- um: ubd: Add missing error check in start_io_thread()\n- vsock/uapi: fix linux/vm_sockets.h userspace compilation errors\n- wifi: mac80211: fix beacon interval calculation overflow\n- attach_recursive_mnt(): do not lock the covering tree when sliding something under it\n- ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()\n- i2c: robotfuzz-osif: disable zero-length read messages\n- i2c: tiny-usb: disable zero-length read messages\n- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction\n- RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private\n- media: vivid: Change the siize of the composing\n- media: omap3isp: use sgtable-based scatterlist wrappers\n- media: cxusb: no longer judge rbuf when the write fails\n- media: cxusb: use dev_dbg() rather than hand-rolled debug\n- jfs: validate AG parameters in dbMount() to prevent crashes\n- fs/jfs: consolidate sanity checking in dbMount\n- ASoC: meson: meson-card-utils: use of_property_present() for DT parsing\n- of: Add of_property_present() helper\n- of: property: define of_property_read_u{8,16,32,64}_array() unconditionally\n- kbuild: hdrcheck: fix cross build with clang\n- kbuild: add --target to correctly cross-compile UAPI headers with Clang\n- bpfilter: match bit size of bpfilter_umh to that of the kernel\n- kbuild: use -MMD instead of -MD to exclude system headers from dependency\n- VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify\n- VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF\n- ovl: Check for NULL d_inode() in ovl_dentry_upper()\n- ceph: fix possible integer overflow in ceph_zero_objects()\n- 
ALSA: hda: Ignore unsol events for cards being shut down\n- usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode\n- usb: cdc-wdm: avoid setting WDM_READ for ZLP-s\n- usb: Add checks for snprintf() calls in usb_alloc_dev()\n- tty: serial: uartlite: register uart driver in init\n- usb: potential integer overflow in usbg_make_tpg()\n- iio: pressure: zpa2326: Use aligned_s64 for the timestamp\n- md/md-bitmap: fix dm-raid max_write_behind setting\n- dmaengine: xilinx_dma: Set dma_device directions\n- mfd: max14577: Fix wakeup source leaks on device unbind\n- mailbox: Not protect module_put with spin_lock_irqsave\n- cifs: Fix cifs_query_path_info() for Windows NT servers",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/oraclelinux7els/advisories/2025/clsa-2025_1764085382.json"
      },
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1764085382",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1764085382"
      }
    ],
    "tracking": {
      "current_release_date": "2025-11-25T16:04:50Z",
      "generator": {
        "date": "2025-11-25T16:04:50Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2025:1764085382",
      "initial_release_date": "2025-11-25T16:04:50Z",
      "revision_history": [
        {
          "date": "2025-11-25T16:04:50Z",
          "number": "1",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1"
    },
    "title": "kernel-uek: Fix of 252 CVEs"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Oracle Linux 7",
                "product": {
                  "name": "Oracle Linux 7",
                  "product_id": "Oracle-Linux-7",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Oracle Linux"
          }
        ],
        "category": "vendor",
        "name": "Oracle Corporation"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                "product": {
                  "name": "bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_id": "bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/bpftool@5.4.17-2136.338.4.2.el7uek.tuxcare.els4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                "product": {
                  "name": "kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_id": "kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-uek-tools@5.4.17-2136.338.4.2.el7uek.tuxcare.els4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                "product": {
                  "name": "kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_id": "kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-uek-container@5.4.17-2136.338.4.2.el7uek.tuxcare.els4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                "product": {
                  "name": "kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_id": "kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-uek@5.4.17-2136.338.4.2.el7uek.tuxcare.els4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                "product": {
                  "name": "kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_id": "kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-uek-devel@5.4.17-2136.338.4.2.el7uek.tuxcare.els4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                "product": {
                  "name": "python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_id": "python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/python-perf@5.4.17-2136.338.4.2.el7uek.tuxcare.els4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                "product": {
                  "name": "perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_id": "perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/perf@5.4.17-2136.338.4.2.el7uek.tuxcare.els4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                "product": {
                  "name": "kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_id": "kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-uek-headers@5.4.17-2136.338.4.2.el7uek.tuxcare.els4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                "product": {
                  "name": "kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_id": "kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-uek-debug-devel@5.4.17-2136.338.4.2.el7uek.tuxcare.els4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                "product": {
                  "name": "kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_id": "kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-uek-container-debug@5.4.17-2136.338.4.2.el7uek.tuxcare.els4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                "product": {
                  "name": "kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_id": "kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/kernel-uek-debug@5.4.17-2136.338.4.2.el7uek.tuxcare.els4?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        },
        "product_reference": "bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        },
        "product_reference": "kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        },
        "product_reference": "kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        },
        "product_reference": "kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        },
        "product_reference": "kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        },
        "product_reference": "python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        },
        "product_reference": "perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        },
        "product_reference": "kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        },
        "product_reference": "kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        },
        "product_reference": "kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64 as a component of Oracle Linux 7",
          "product_id": "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        },
        "product_reference": "kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
        "relates_to_product_reference": "Oracle-Linux-7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-43877",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pci: ivtv: Add check for DMA map result\n\nIn case DMA fails, 'dma->SG_length' is 0. This value is later used to\naccess 'dma->SGarray[dma->SG_length - 1]', which will cause out of\nbounds access.\n\nAdd check to return early on invalid value. Adjust warnings accordingly.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-43877"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/24062aa7407091dee3e45a8e8037df437e848718",
          "url": "https://git.kernel.org/stable/c/24062aa7407091dee3e45a8e8037df437e848718"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/38f72c7e7c6b55614f9407555fd5ce9d019b0fa4",
          "url": "https://git.kernel.org/stable/c/38f72c7e7c6b55614f9407555fd5ce9d019b0fa4"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/3d8fd92939e21ff0d45100ab208f8124af79402a",
          "url": "https://git.kernel.org/stable/c/3d8fd92939e21ff0d45100ab208f8124af79402a"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/629913d6d79508b166c66e07e4857e20233d85a9",
          "url": "https://git.kernel.org/stable/c/629913d6d79508b166c66e07e4857e20233d85a9"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/81d0664bed91a858c7b50c263954b59d65f1b414",
          "url": "https://git.kernel.org/stable/c/81d0664bed91a858c7b50c263954b59d65f1b414"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/c766065e8272085ea9c436414b7ddf1f12e7787b",
          "url": "https://git.kernel.org/stable/c/c766065e8272085ea9c436414b7ddf1f12e7787b"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
          "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
        }
      ],
      "release_date": "2024-08-21T01:15:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2024-35937",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: check A-MSDU format more carefully\n\nIf it looks like there's another subframe in the A-MSDU\nbut the header isn't fully there, we can end up reading\ndata out of bounds, only to discard later. Make this a\nbit more careful and check if the subframe header can\neven be present.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-35937"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/16da1e1dac23be45ef6e23c41b1508c400e6c544",
          "url": "https://git.kernel.org/stable/c/16da1e1dac23be45ef6e23c41b1508c400e6c544"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/5d7a8585fbb31e88fb2a0f581b70667d3300d1e9",
          "url": "https://git.kernel.org/stable/c/5d7a8585fbb31e88fb2a0f581b70667d3300d1e9"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/9ad7974856926129f190ffbe3beea78460b3b7cc",
          "url": "https://git.kernel.org/stable/c/9ad7974856926129f190ffbe3beea78460b3b7cc"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/9eb3bc0973d084423a6df21cf2c74692ff05647e",
          "url": "https://git.kernel.org/stable/c/9eb3bc0973d084423a6df21cf2c74692ff05647e"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
          "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
        }
      ],
      "release_date": "2024-05-19T11:15:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2024-41069",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: topology: Fix references to freed memory\n\nMost users, after parsing a topology file, release memory used by it, so\nhaving pointer references directly into topology file contents is wrong.\nUse devm_kmemdup() to allocate memory as needed.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-41069"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/97ab304ecd95c0b1703ff8c8c3956dc6e2afe8e1",
          "url": "https://git.kernel.org/stable/c/97ab304ecd95c0b1703ff8c8c3956dc6e2afe8e1"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/ab5a6208b4d6872b1c6ecea1867940fc668cc76d",
          "url": "https://git.kernel.org/stable/c/ab5a6208b4d6872b1c6ecea1867940fc668cc76d"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/b188d7f3dfab10e332e3c1066e18857964a520d2",
          "url": "https://git.kernel.org/stable/c/b188d7f3dfab10e332e3c1066e18857964a520d2"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/ccae5c6a1fab9494c86b7856faf05e296c617702",
          "url": "https://git.kernel.org/stable/c/ccae5c6a1fab9494c86b7856faf05e296c617702"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
          "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
        }
      ],
      "release_date": "2024-07-29T15:15:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2024-35966",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: RFCOMM: Fix not validating setsockopt user input\n\nsyzbot reported rfcomm_sock_setsockopt_old() is copying data without\nchecking user input length.\n\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset\ninclude/linux/sockptr.h:49 [inline]\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr\ninclude/linux/sockptr.h:55 [inline]\nBUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt_old\nnet/bluetooth/rfcomm/sock.c:632 [inline]\nBUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt+0x893/0xa70\nnet/bluetooth/rfcomm/sock.c:673\nRead of size 4 at addr ffff8880209a8bc3 by task syz-executor632/5064",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-35966"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/00767fbd67af70d7a550caa5b12d9515fa978bab",
          "url": "https://git.kernel.org/stable/c/00767fbd67af70d7a550caa5b12d9515fa978bab"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/4ea65e2095e9bd151d0469328dd7fc2858feb546",
          "url": "https://git.kernel.org/stable/c/4ea65e2095e9bd151d0469328dd7fc2858feb546"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/a97de7bff13b1cc825c1b1344eaed8d6c2d3e695",
          "url": "https://git.kernel.org/stable/c/a97de7bff13b1cc825c1b1344eaed8d6c2d3e695"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/c3f787a3eafe519c93df9abbb0ca5145861c8d0f",
          "url": "https://git.kernel.org/stable/c/c3f787a3eafe519c93df9abbb0ca5145861c8d0f"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/d072ea24748189cd8f4a9c3f585ca9af073a0838",
          "url": "https://git.kernel.org/stable/c/d072ea24748189cd8f4a9c3f585ca9af073a0838"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/eea40d33bf936a5c7fb03c190e61e0cfee00e872",
          "url": "https://git.kernel.org/stable/c/eea40d33bf936a5c7fb03c190e61e0cfee00e872"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
          "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html",
          "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
        }
      ],
      "release_date": "2024-05-20T10:15:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2024-36914",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip on writeback when it's not applicable\n\n[WHY]\ndynamic memory safety error detector (KASAN) catches and generates error\nmessages \"BUG: KASAN: slab-out-of-bounds\" as writeback connector does not\nsupport certain features which are not initialized.\n\n[HOW]\nSkip them when connector type is DRM_MODE_CONNECTOR_WRITEBACK.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-36914"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/87de0a741ef6d93fcb99983138a0d89a546a043c",
          "url": "https://git.kernel.org/stable/c/87de0a741ef6d93fcb99983138a0d89a546a043c"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/951a498fa993c5501994ec2df97c9297b02488c7",
          "url": "https://git.kernel.org/stable/c/951a498fa993c5501994ec2df97c9297b02488c7"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/e9baa7110e9f3756bd5a812af376c288d9be894d",
          "url": "https://git.kernel.org/stable/c/e9baa7110e9f3756bd5a812af376c288d9be894d"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/ecedd99a9369fb5cde601ae9abd58bca2739f1ae",
          "url": "https://git.kernel.org/stable/c/ecedd99a9369fb5cde601ae9abd58bca2739f1ae"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
          "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
        }
      ],
      "release_date": "2024-05-30T16:15:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-38546",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\natm: clip: Fix memory leak of struct clip_vcc.\nioctl(ATMARP_MKIP) allocates struct clip_vcc and sets it to\nvcc->user_back.\nThe code assumes that vcc_destroy_socket() passes NULL skb\nto vcc->push() when the socket is close()d, and then clip_push()\nfrees clip_vcc.\nHowever, ioctl(ATMARPD_CTRL) sets NULL to vcc->push() in\natm_init_atmarp(), resulting in memory leak.\nLet's serialise two ioctl() by lock_sock() and check vcc->push()\nin atm_init_atmarp() to prevent memleak.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38546"
        }
      ],
      "release_date": "2025-08-16T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38542",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: appletalk: Fix device refcount leak in atrtr_create()\nWhen updating an existing route entry in atrtr_create(), the old device\nreference was not being released before assigning the new device,\nleading to a device refcount leak. Fix this by calling dev_put() to\nrelease the old device reference before holding the new one.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38542"
        }
      ],
      "release_date": "2025-08-16T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38538",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ndmaengine: nbpfaxi: Fix memory corruption in probe()\nThe nbpf->chan[] array is allocated earlier in the nbpf_probe() function\nand it has \"num_channels\" elements.  These three loops iterate one\nelement farther than they should and corrupt memory.\nThe changes to the second loop are more involved.  In this case, we're\ncopying data from the irqbuf[] array into the nbpf->chan[] array.  If\nthe data in irqbuf[i] is the error IRQ then we skip it, so the iterators\nare not in sync.  I added a check to ensure that we don't go beyond the\nend of the irqbuf[] array.  I'm pretty sure this can't happen, but it\nseemed harmless to add a check.\nOn the other hand, after the loop has ended there is a check to ensure\nthat the \"chan\" iterator is where we expect it to be.  In the original\ncode we went one element beyond the end of the array so the iterator\nwasn't in the correct place and it would always return -EINVAL.  However,\nnow it will always be in the correct place.  I deleted the check since\nwe know the result.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38538"
        }
      ],
      "release_date": "2025-08-16T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40030",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\npinctrl: check the return value of pinmux_ops::get_function_name()\nWhile the API contract in docs doesn't specify it explicitly, the\ngeneric implementation of the get_function_name() callback from struct\npinmux_ops - pinmux_generic_get_function_name() - can fail and return\nNULL. This is already checked in pinmux_check_ops() so add a similar\ncheck in pinmux_func_name_to_selector() instead of passing the returned\npointer right down to strcmp() where the NULL can get dereferenced. This\nis normal operation when adding new pinfunctions.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40030"
        }
      ],
      "release_date": "2025-10-28T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2024-56616",
      "cwe": {
        "id": "CWE-129",
        "name": "Improper Validation of Array Index"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/dp_mst: Fix MST sideband message body length check\n\nFix the MST sideband message body length check, which must be at least 1\nbyte accounting for the message body CRC (aka message data CRC) at the\nend of the message.\n\nThis fixes a case where an MST branch device returns a header with a\ncorrect header CRC (indicating a correctly received body length), with\nthe body length being incorrectly set to 0. This will later lead to a\nmemory corruption in drm_dp_sideband_append_payload() and the following\nerrors in dmesg:\n\n   UBSAN: array-index-out-of-bounds in drivers/gpu/drm/display/drm_dp_mst_topology.c:786:25\n   index -1 is out of range for type 'u8 [48]'\n   Call Trace:\n    drm_dp_sideband_append_payload+0x33d/0x350 [drm_display_helper]\n    drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper]\n    drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper]\n\n   memcpy: detected field-spanning write (size 18446744073709551615) of single field \"&msg->msg[msg->curlen]\" at drivers/gpu/drm/display/drm_dp_mst_topology.c:791 (size 256)\n   Call Trace:\n    drm_dp_sideband_append_payload+0x324/0x350 [drm_display_helper]\n    drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper]\n    drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper]",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-56616"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/109f91d8b9335b0f3714ef9920eae5a8b21d56af",
          "url": "https://git.kernel.org/stable/c/109f91d8b9335b0f3714ef9920eae5a8b21d56af"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/1fc1f32c4a3421b9d803f18ec3ef49db2fb5d5ef",
          "url": "https://git.kernel.org/stable/c/1fc1f32c4a3421b9d803f18ec3ef49db2fb5d5ef"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/70e7166612f4e6da8d7d0305c47c465d88d037e5",
          "url": "https://git.kernel.org/stable/c/70e7166612f4e6da8d7d0305c47c465d88d037e5"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/780fa184d4dc38ad6c4fded345ab8f9be7a63e96",
          "url": "https://git.kernel.org/stable/c/780fa184d4dc38ad6c4fded345ab8f9be7a63e96"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/bd2fccac61b40eaf08d9546acc9fef958bfe4763",
          "url": "https://git.kernel.org/stable/c/bd2fccac61b40eaf08d9546acc9fef958bfe4763"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/c58947a8d4a500902597ee1dbadf0518d7ff8801",
          "url": "https://git.kernel.org/stable/c/c58947a8d4a500902597ee1dbadf0518d7ff8801"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html",
          "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html",
          "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
        }
      ],
      "release_date": "2024-12-27T15:15:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-38262",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ntty: serial: uartlite: register uart driver in init\nWhen two instances of uart devices are probing, a concurrency race can\noccur. If one thread calls uart_register_driver function, which first\nallocates and assigns memory to 'uart_state' member of uart_driver\nstructure, the other instance can bypass uart driver registration and\ncall ulite_assign. This calls uart_add_one_port, which expects the uart\ndriver to be fully initialized. This leads to a kernel panic due to a\nnull pointer dereference:\n[    8.143581] BUG: kernel NULL pointer dereference, address: 00000000000002b8\n[    8.156982] #PF: supervisor write access in kernel mode\n[    8.156984] #PF: error_code(0x0002) - not-present page\n[    8.156986] PGD 0 P4D 0\n...\n[    8.180668] RIP: 0010:mutex_lock+0x19/0x30\n[    8.188624] Call Trace:\n[    8.188629]  ? __die_body.cold+0x1a/0x1f\n[    8.195260]  ? page_fault_oops+0x15c/0x290\n[    8.209183]  ? __irq_resolve_mapping+0x47/0x80\n[    8.209187]  ? exc_page_fault+0x64/0x140\n[    8.209190]  ? asm_exc_page_fault+0x22/0x30\n[    8.209196]  ? mutex_lock+0x19/0x30\n[    8.223116]  uart_add_one_port+0x60/0x440\n[    8.223122]  ? proc_tty_register_driver+0x43/0x50\n[    8.223126]  ? tty_register_driver+0x1ca/0x1e0\n[    8.246250]  ulite_probe+0x357/0x4b0 [uartlite]\nTo prevent it, move uart driver registration in to init function. This\nwill ensure that uart_driver is always registered when probe function\nis called.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38262"
        }
      ],
      "release_date": "2025-07-09T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38249",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()\nIn snd_usb_get_audioformat_uac3(), the length value returned from\nsnd_usb_ctl_msg() is used directly for memory allocation without\nvalidation. This length is controlled by the USB device.\nThe allocated buffer is cast to a uac3_cluster_header_descriptor\nand its fields are accessed without verifying that the buffer\nis large enough. If the device returns a smaller than expected\nlength, this leads to an out-of-bounds read.\nAdd a length check to ensure the buffer is large enough for\nuac3_cluster_header_descriptor.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38249"
        }
      ],
      "release_date": "2025-07-09T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38226",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nmedia: vivid: Change the siize of the composing\nsyzkaller found a bug:\nBUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline]\nBUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705\nWrite of size 1440 at addr ffffc9000d0ffda0 by task vivid-000-vid-c/5304\nCPU: 0 UID: 0 PID: 5304 Comm: vivid-000-vid-c Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n<TASK>\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:378 [inline]\nprint_report+0x169/0x550 mm/kasan/report.c:489\nkasan_report+0x143/0x180 mm/kasan/report.c:602\nkasan_check_range+0x282/0x290 mm/kasan/generic.c:189\n__asan_memcpy+0x40/0x70 mm/kasan/shadow.c:106\ntpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline]\ntpg_fill_plane_buffer+0x1a9c/0x5af0 drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2705\nvivid_fillbuff drivers/media/test-drivers/vivid/vivid-kthread-cap.c:470 [inline]\nvivid_thread_vid_cap_tick+0xf8e/0x60d0 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:629\nvivid_thread_vid_cap+0x8aa/0xf30 drivers/media/test-drivers/vivid/vivid-kthread-cap.c:767\nkthread+0x7a9/0x920 kernel/kthread.c:464\nret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:148\nret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n</TASK>\nThe composition size cannot be larger than the size of fmt_cap_rect.\nSo execute v4l2_rect_map_inside() even if has_compose_cap == 0.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38226"
        }
      ],
      "release_date": "2025-07-04T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40205",
      "cwe": {
        "id": "CWE-131",
        "name": "Incorrect Calculation of Buffer Size"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nbtrfs: avoid potential out-of-bounds in btrfs_encode_fh()\nThe function btrfs_encode_fh() does not properly account for the three\ncases it handles.\nBefore writing to the file handle (fh), the function only returns to the\nuser BTRFS_FID_SIZE_NON_CONNECTABLE (5 dwords, 20 bytes) or\nBTRFS_FID_SIZE_CONNECTABLE (8 dwords, 32 bytes).\nHowever, when a parent exists and the root ID of the parent and the\ninode are different, the function writes BTRFS_FID_SIZE_CONNECTABLE_ROOT\n(10 dwords, 40 bytes).\nIf *max_len is not large enough, this write goes out of bounds because\nBTRFS_FID_SIZE_CONNECTABLE_ROOT is greater than\nBTRFS_FID_SIZE_CONNECTABLE originally returned.\nThis results in an 8-byte out-of-bounds write at\nfid->parent_root_objectid = parent_root_id.\nA previous attempt to fix this issue was made but was lost.\nhttps://lore.kernel.org/all/4CADAEEC020000780001B32C@vpn.id2.novell.com/\nAlthough this issue does not seem to be easily triggerable, it is a\npotential memory corruption bug that should be fixed. This patch\nresolves the issue by ensuring the function returns the appropriate size\nfor all three cases and validates that *max_len is large enough before\nwriting any data.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40205"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40200",
      "cwe": {
        "id": "CWE-839",
        "name": "Numeric Range Comparison Without Minimum Check"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nSquashfs: reject negative file sizes in squashfs_read_inode()\nSyskaller reports a \"WARNING in ovl_copy_up_file\" in overlayfs.\nThis warning is ultimately caused because the underlying Squashfs file\nsystem returns a file with a negative file size.\nThis commit checks for a negative file size and returns EINVAL.\n[phillip@squashfs.org.uk: only need to check 64 bit quantity]",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40200"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40190",
      "cwe": {
        "id": "CWE-191",
        "name": "Integer Underflow (Wrap or Wraparound)"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\next4: guard against EA inode refcount underflow in xattr update\nsyzkaller found a path where ext4_xattr_inode_update_ref() reads an EA\ninode refcount that is already <= 0 and then applies ref_change (often\n-1). That lets the refcount underflow and we proceed with a bogus value,\ntriggering errors like:\nEXT4-fs error: EA inode <n> ref underflow: ref_count=-1 ref_change=-1\nEXT4-fs warning: ea_inode dec ref err=-117\nMake the invariant explicit: if the current refcount is non-positive,\ntreat this as on-disk corruption, emit ext4_error_inode(), and fail the\noperation with -EFSCORRUPTED instead of updating the refcount. Delete the\nWARN_ONCE() as negative refcounts are now impossible; keep error reporting\nin ext4_error_inode().\nThis prevents the underflow and the follow-on orphan/cleanup churn.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40190"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40188",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\npwm: berlin: Fix wrong register in suspend/resume\nThe 'enable' register should be BERLIN_PWM_EN rather than\nBERLIN_PWM_ENABLE, otherwise, the driver accesses wrong address, there\nwill be cpu exception then kernel panic during suspend/resume.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40188"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40187",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()\nIf new_asoc->peer.adaptation_ind=0 and sctp_ulpevent_make_authkey=0\nand sctp_ulpevent_make_authkey() returns 0, then the variable\nai_ev remains zero and the zero will be dereferenced\nin the sctp_ulpevent_free() function.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40187"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40178",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\npid: Add a judgment for ns null in pid_nr_ns\n__task_pid_nr_ns\nns = task_active_pid_ns(current);\npid_nr_ns(rcu_dereference(*task_pid_ptr(task, type)), ns);\nif (pid && ns->level <= pid->level) {\nSometimes null is returned for task_active_pid_ns. Then it will trigger kernel panic in pid_nr_ns.\nFor example:\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000058\nMem abort info:\nESR = 0x0000000096000007\nEC = 0x25: DABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nFSC = 0x07: level 3 translation fault\nData abort info:\nISV = 0, ISS = 0x00000007, ISS2 = 0x00000000\nCM = 0, WnR = 0, TnD = 0, TagAccess = 0\nGCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nuser pgtable: 4k pages, 39-bit VAs, pgdp=00000002175aa000\n[0000000000000058] pgd=08000002175ab003, p4d=08000002175ab003, pud=08000002175ab003, pmd=08000002175be003, pte=0000000000000000\npstate: 834000c5 (Nzcv daIF +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\npc : __task_pid_nr_ns+0x74/0xd0\nlr : __task_pid_nr_ns+0x24/0xd0\nsp : ffffffc08001bd10\nx29: ffffffc08001bd10 x28: ffffffd4422b2000 x27: 0000000000000001\nx26: ffffffd442821168 x25: ffffffd442821000 x24: 00000f89492eab31\nx23: 00000000000000c0 x22: ffffff806f5693c0 x21: ffffff806f5693c0\nx20: 0000000000000001 x19: 0000000000000000 x18: 0000000000000000\nx17: 00000000529c6ef0 x16: 00000000529c6ef0 x15: 00000000023a1adc\nx14: 0000000000000003 x13: 00000000007ef6d8 x12: 001167c391c78800\nx11: 00ffffffffffffff x10: 0000000000000000 x9 : 0000000000000001\nx8 : ffffff80816fa3c0 x7 : 0000000000000000 x6 : 49534d702d535449\nx5 : ffffffc080c4c2c0 x4 : ffffffd43ee128c8 x3 : ffffffd43ee124dc\nx2 : 0000000000000000 x1 : 0000000000000001 x0 : ffffff806f5693c0\nCall 
trace:\n__task_pid_nr_ns+0x74/0xd0\n...\n__handle_irq_event_percpu+0xd4/0x284\nhandle_irq_event+0x48/0xb0\nhandle_fasteoi_irq+0x160/0x2d8\ngeneric_handle_domain_irq+0x44/0x60\ngic_handle_irq+0x4c/0x114\ncall_on_irq_stack+0x3c/0x74\ndo_interrupt_handler+0x4c/0x84\nel1_interrupt+0x34/0x58\nel1h_64_irq_handler+0x18/0x24\nel1h_64_irq+0x68/0x6c\naccount_kernel_stack+0x60/0x144\nexit_task_stack_account+0x1c/0x80\ndo_exit+0x7e4/0xaf8\n...\nget_signal+0x7bc/0x8d8\ndo_notify_resume+0x128/0x828\nel0_svc+0x6c/0x70\nel0t_64_sync_handler+0x68/0xbc\nel0t_64_sync+0x1a8/0x1ac\nCode: 35fffe54 911a02a8 f9400108 b4000128 (b9405a69)\n---[ end trace 0000000000000000 ]---\nKernel panic - not syncing: Oops: Fatal exception in interrupt",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40178"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40173",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet/ip6_tunnel: Prevent perpetual tunnel growth\nSimilarly to ipv4 tunnel, ipv6 version updates dev->needed_headroom, too.\nWhile ipv4 tunnel headroom adjustment growth was limited in\ncommit 5ae1e9922bbd (\"net: ip_tunnel: prevent perpetual headroom growth\"),\nipv6 tunnel yet increases the headroom without any ceiling.\nReflect ipv4 tunnel headroom adjustment limit on ipv6 version.\nCredits to Francesco Ruggeri, who was originally debugging this issue\nand wrote local Arista-specific patch and a reproducer.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40173"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40167",
      "cwe": {
        "id": "CWE-191",
        "name": "Integer Underflow (Wrap or Wraparound)"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\next4: detect invalid INLINE_DATA + EXTENTS flag combination\nsyzbot reported a BUG_ON in ext4_es_cache_extent() when opening a verity\nfile on a corrupted ext4 filesystem mounted without a journal.\nThe issue is that the filesystem has an inode with both the INLINE_DATA\nand EXTENTS flags set:\nEXT4-fs error (device loop0): ext4_cache_extents:545: inode #15:\ncomm syz.0.17: corrupted extent tree: lblk 0 < prev 66\nInvestigation revealed that the inode has both flags set:\nDEBUG: inode 15 - flag=1, i_inline_off=164, has_inline=1, extents_flag=1\nThis is an invalid combination since an inode should have either:\n- INLINE_DATA: data stored directly in the inode\n- EXTENTS: data stored in extent-mapped blocks\nHaving both flags causes ext4_has_inline_data() to return true, skipping\nextent tree validation in __ext4_iget(). The unvalidated out-of-order\nextents then trigger a BUG_ON in ext4_es_cache_extent() due to integer\nunderflow when calculating hole sizes.\nFix this by detecting this invalid flag combination early in ext4_iget()\nand rejecting the corrupted inode.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40167"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40121",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping\nWhen an invalid value is passed via quirk option, currently\nbytcr_rt5640 driver just ignores and leaves as is, which may lead to\nunexpected results like OOB access.\nThis patch adds the sanity check and corrects the input mapping to the\ncertain default value if an invalid value is passed.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40121"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38529",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ncomedi: aio_iiro_16: Fix bit shift out of bounds\nWhen checking for a supported IRQ number, the following test is used:\nif ((1 << it->options[1]) & 0xdcfc) {\nHowever, `it->options[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds.  Fix the test by\nrequiring `it->options[1]` to be within bounds before proceeding with\nthe original test.  Valid `it->options[1]` values that select the IRQ\nwill be in the range [1,15]. The value 0 explicitly disables the use of\ninterrupts.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38529"
        }
      ],
      "release_date": "2025-08-16T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38516",
      "cwe": {
        "id": "CWE-229",
        "name": "Improper Handling of Values"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\npinctrl: qcom: msm: mark certain pins as invalid for interrupts\nOn some platforms, the UFS-reset pin has no interrupt logic in TLMM but\nis nevertheless registered as a GPIO in the kernel. This enables the\nuser-space to trigger a BUG() in the pinctrl-msm driver by running, for\nexample: `gpiomon -c 0 113` on RB2.\nThe exact culprit is requesting pins whose intr_detection_width setting\nis not 1 or 2 for interrupts. This hits a BUG() in\nmsm_gpio_irq_set_type(). Potentially crashing the kernel due to an\ninvalid request from user-space is not optimal, so let's go through the\npins and mark those that would fail the check as invalid for the irq chip\nas we should not even register them as available irqs.\nThis function can be extended if we determine that there are more\ncorner-cases like this.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38516"
        }
      ],
      "release_date": "2025-08-16T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38515",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ndrm/sched: Increment job count before swapping tail spsc queue\nA small race exists between spsc_queue_push and the run-job worker, in\nwhich spsc_queue_push may return not-first while the run-job worker has\nalready idled due to the job count being zero. If this race occurs, job\nscheduling stops, leading to hangs while waiting on the job’s DMA\nfences.\nSeal this race by incrementing the job count before appending to the\nSPSC queue.\nThis race was observed on a drm-tip 6.16-rc1 build with the Xe driver in\nan SVM test case.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38515"
        }
      ],
      "release_date": "2025-08-16T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38513",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nwifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()\nThere is a potential NULL pointer dereference in zd_mac_tx_to_dev(). For\nexample, the following is possible:\nT0    T1\nzd_mac_tx_to_dev()\n/* len == skb_queue_len(q) */\nwhile (len > ZD_MAC_MAX_ACK_WAITERS) {\nfilter_ack()\nspin_lock_irqsave(&q->lock, flags);\n/* position == skb_queue_len(q) */\nfor (i=1; i<position; i++)\nskb = __skb_dequeue(q)\nif (mac->type == NL80211_IFTYPE_AP)\nskb = __skb_dequeue(q);\nspin_unlock_irqrestore(&q->lock, flags);\nskb_dequeue() -> NULL\nSince there is a small gap between checking skb queue length and skb being\nunconditionally dequeued in zd_mac_tx_to_dev(), skb_dequeue() can return NULL.\nThen the pointer is passed to zd_mac_tx_status() where it is dereferenced.\nIn order to avoid potential NULL pointer dereference due to situations like\nabove, check if skb is not NULL before passing it to zd_mac_tx_status().\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38513"
        }
      ],
      "release_date": "2025-08-16T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38487",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nsoc: aspeed: lpc-snoop: Don't disable channels that aren't enabled\nMitigate e.g. the following:\n# echo 1e789080.lpc-snoop > /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind\n...\n[  120.363594] Unable to handle kernel NULL pointer dereference at virtual address 00000004 when write\n[  120.373866] [00000004] *pgd=00000000\n[  120.377910] Internal error: Oops: 805 [#1] SMP ARM\n[  120.383306] CPU: 1 UID: 0 PID: 315 Comm: sh Not tainted 6.15.0-rc1-00009-g926217bc7d7d-dirty #20 NONE\n...\n[  120.679543] Call trace:\n[  120.679559]  misc_deregister from aspeed_lpc_snoop_remove+0x84/0xac\n[  120.692462]  aspeed_lpc_snoop_remove from platform_remove+0x28/0x38\n[  120.700996]  platform_remove from device_release_driver_internal+0x188/0x200\n...",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38487"
        }
      ],
      "release_date": "2025-07-28T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38483",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ncomedi: das16m1: Fix bit shift out of bounds\nWhen checking for a supported IRQ number, the following test is used:\n/* only irqs 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, and 15 are valid */\nif ((1 << it->options[1]) & 0xdcfc) {\nHowever, `it->options[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds.  Fix the test by\nrequiring `it->options[1]` to be within bounds before proceeding with\nthe original test.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38483"
        }
      ],
      "release_date": "2025-07-28T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38480",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ncomedi: Fix use of uninitialized data in insn_rw_emulate_bits()\nFor Comedi `INSN_READ` and `INSN_WRITE` instructions on \"digital\"\nsubdevices (subdevice types `COMEDI_SUBD_DI`, `COMEDI_SUBD_DO`, and\n`COMEDI_SUBD_DIO`), it is common for the subdevice driver not to have\n`insn_read` and `insn_write` handler functions, but to have an\n`insn_bits` handler function for handling Comedi `INSN_BITS`\ninstructions.  In that case, the subdevice's `insn_read` and/or\n`insn_write` function handler pointers are set to point to the\n`insn_rw_emulate_bits()` function by `__comedi_device_postconfig()`.\nFor `INSN_WRITE`, `insn_rw_emulate_bits()` currently assumes that the\nsupplied `data[0]` value is a valid copy from user memory.  It will at\nleast exist because `do_insnlist_ioctl()` and `do_insn_ioctl()` in\n\"comedi_fops.c\" ensure at lease `MIN_SAMPLES` (16) elements are\nallocated.  However, if `insn->n` is 0 (which is allowable for\n`INSN_READ` and `INSN_WRITE` instructions, then `data[0]` may contain\nuninitialized data, and certainly contains invalid data, possibly from a\ndifferent instruction in the array of instructions handled by\n`do_insnlist_ioctl()`.  This will result in an incorrect value being\nwritten to the digital output channel (or to the digital input/output\nchannel if configured as an output), and may be reflected in the\ninternal saved state of the channel.\nFix it by returning 0 early if `insn->n` is 0, before reaching the code\nthat accesses `data[0]`.  Previously, the function always returned 1 on\nsuccess, but it is supposed to be the number of data samples actually\nread or written up to `insn->n`, which is 0 in this case.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38480"
        }
      ],
      "release_date": "2025-07-28T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38474",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nusb: net: sierra: check for no status endpoint\nThe driver checks for having three endpoints and\nhaving bulk in and out endpoints, but not that\nthe third endpoint is interrupt input.\nRectify the omission.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38474"
        }
      ],
      "release_date": "2025-07-28T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-38473",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()\nsyzbot reported null-ptr-deref in l2cap_sock_resume_cb(). [0]\nl2cap_sock_resume_cb() has a similar problem that was fixed by commit\n1bff51ea59a9 (\"Bluetooth: fix use-after-free error in lock_sock_nested()\").\nSince both l2cap_sock_kill() and l2cap_sock_resume_cb() are executed\nunder l2cap_sock_resume_cb(), we can avoid the issue simply by checking\nif chan->data is NULL.\nLet's not access to the killed socket in l2cap_sock_resume_cb().\n[0]:\nBUG: KASAN: null-ptr-deref in instrument_atomic_write include/linux/instrumented.h:82 [inline]\nBUG: KASAN: null-ptr-deref in clear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]\nBUG: KASAN: null-ptr-deref in l2cap_sock_resume_cb+0xb4/0x17c net/bluetooth/l2cap_sock.c:1711\nWrite of size 8 at addr 0000000000000570 by task kworker/u9:0/52\nCPU: 1 UID: 0 PID: 52 Comm: kworker/u9:0 Not tainted 6.16.0-rc4-syzkaller-g7482bb149b9f #0 PREEMPT\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nWorkqueue: hci0 hci_rx_work\nCall trace:\nshow_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:501 (C)\n__dump_stack+0x30/0x40 lib/dump_stack.c:94\ndump_stack_lvl+0xd8/0x12c lib/dump_stack.c:120\nprint_report+0x58/0x84 mm/kasan/report.c:524\nkasan_report+0xb0/0x110 mm/kasan/report.c:634\ncheck_region_inline mm/kasan/generic.c:-1 [inline]\nkasan_check_range+0x264/0x2a4 mm/kasan/generic.c:189\n__kasan_check_write+0x20/0x30 mm/kasan/shadow.c:37\ninstrument_atomic_write include/linux/instrumented.h:82 [inline]\nclear_bit include/asm-generic/bitops/instrumented-atomic.h:41 [inline]\nl2cap_sock_resume_cb+0xb4/0x17c net/bluetooth/l2cap_sock.c:1711\nl2cap_security_cfm+0x524/0xea0 net/bluetooth/l2cap_core.c:7357\nhci_auth_cfm include/net/bluetooth/hci_core.h:2092 [inline]\nhci_auth_complete_evt+0x2e8/0xa4c 
net/bluetooth/hci_event.c:3514\nhci_event_func net/bluetooth/hci_event.c:7511 [inline]\nhci_event_packet+0x650/0xe9c net/bluetooth/hci_event.c:7565\nhci_rx_work+0x320/0xb18 net/bluetooth/hci_core.c:4070\nprocess_one_work+0x7e8/0x155c kernel/workqueue.c:3238\nprocess_scheduled_works kernel/workqueue.c:3321 [inline]\nworker_thread+0x958/0xed8 kernel/workqueue.c:3402\nkthread+0x5fc/0x75c kernel/kthread.c:464\nret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:847",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38473"
        }
      ],
      "release_date": "2025-07-28T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38465",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nnetlink: Fix wraparounds of sk->sk_rmem_alloc.\nNetlink has this pattern in some places\nif (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf)\natomic_add(skb->truesize, &sk->sk_rmem_alloc);\n, which has the same problem fixed by commit 5a465a0da13e (\"udp:\nFix multiple wraparounds of sk->sk_rmem_alloc.\").\nFor example, if we set INT_MAX to SO_RCVBUFFORCE, the condition\nis always false as the two operands are of int.\nThen, a single socket can eat as many skb as possible until OOM\nhappens, and we can see multiple wraparounds of sk->sk_rmem_alloc.\nLet's fix it by using atomic_add_return() and comparing the two\nvariables as unsigned int.\nBefore:\n[root@fedora ~]# ss -f netlink\nRecv-Q      Send-Q Local Address:Port                Peer Address:Port\n-1668710080 0               rtnl:nl_wraparound/293               *\nAfter:\n[root@fedora ~]# ss -f netlink\nRecv-Q     Send-Q Local Address:Port                Peer Address:Port\n2147483072 0               rtnl:nl_wraparound/290               *\n^\n`--- INT_MAX - 576",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38465"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38457",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet/sched: Abort __tc_modify_qdisc if parent class does not exist\nLion's patch [1] revealed an ancient bug in the qdisc API.\nWhenever a user creates/modifies a qdisc specifying as a parent another\nqdisc, the qdisc API will, during grafting, detect that the user is\nnot trying to attach to a class and reject. However grafting is\nperformed after qdisc_create (and thus the qdiscs' init callback) is\nexecuted. In qdiscs that eventually call qdisc_tree_reduce_backlog\nduring init or change (such as fq, hhf, choke, etc), an issue\narises. For example, executing the following commands:\nsudo tc qdisc add dev lo root handle a: htb default 2\nsudo tc qdisc add dev lo parent a: handle beef fq\nQdiscs such as fq, hhf, choke, etc unconditionally invoke\nqdisc_tree_reduce_backlog() in their control path init() or change() which\nthen causes a failure to find the child class; however, that does not stop\nthe unconditional invocation of the assumed child qdisc's qlen_notify with\na null class. All these qdiscs make the assumption that class is non-null.\nThe solution is ensure that qdisc_leaf() which looks up the parent\nclass, and is invoked prior to qdisc_create(), should return failure on\nnot finding the class.\nIn this patch, we leverage qdisc_leaf to return ERR_PTRs whenever the\nparentid doesn't correspond to a class, so that we can detect it\nearlier on and abort before qdisc_create is called.\n[1] https://lore.kernel.org/netdev/d912cbd7-193b-4269-9857-525bee8bbb6a@gmail.com/",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38457"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-38439",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nbnxt_en: Set DMA unmap len correctly for XDP_REDIRECT\nWhen transmitting an XDP_REDIRECT packet, call dma_unmap_len_set()\nwith the proper length instead of 0.  This bug triggers this warning\non a system with IOMMU enabled:\nWARNING: CPU: 36 PID: 0 at drivers/iommu/dma-iommu.c:842 __iommu_dma_unmap+0x159/0x170\nRIP: 0010:__iommu_dma_unmap+0x159/0x170\nCode: a8 00 00 00 00 48 c7 45 b0 00 00 00 00 48 c7 45 c8 00 00 00 00 48 c7 45 a0 ff ff ff ff 4c 89 45\nb8 4c 89 45 c0 e9 77 ff ff ff <0f> 0b e9 60 ff ff ff e8 8b bf 6a 00 66 66 2e 0f 1f 84 00 00 00 00\nRSP: 0018:ff22d31181150c88 EFLAGS: 00010206\nRAX: 0000000000002000 RBX: 00000000e13a0000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ff22d31181150cf0 R08: ff22d31181150ca8 R09: 0000000000000000\nR10: 0000000000000000 R11: ff22d311d36c9d80 R12: 0000000000001000\nR13: ff13544d10645010 R14: ff22d31181150c90 R15: ff13544d0b2bac00\nFS: 0000000000000000(0000) GS:ff13550908a00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005be909dacff8 CR3: 0008000173408003 CR4: 0000000000f71ef0\nPKRU: 55555554\nCall Trace:\n<IRQ>\n? show_regs+0x6d/0x80\n? __warn+0x89/0x160\n? __iommu_dma_unmap+0x159/0x170\n? report_bug+0x17e/0x1b0\n? handle_bug+0x46/0x90\n? exc_invalid_op+0x18/0x80\n? asm_exc_invalid_op+0x1b/0x20\n? __iommu_dma_unmap+0x159/0x170\n? __iommu_dma_unmap+0xb3/0x170\niommu_dma_unmap_page+0x4f/0x100\ndma_unmap_page_attrs+0x52/0x220\n? srso_alias_return_thunk+0x5/0xfbef5\n? xdp_return_frame+0x2e/0xd0\nbnxt_tx_int_xdp+0xdf/0x440 [bnxt_en]\n__bnxt_poll_work_done+0x81/0x1e0 [bnxt_en]\nbnxt_poll+0xd3/0x1e0 [bnxt_en]",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38439"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-38391",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nusb: typec: altmodes/displayport: do not index invalid pin_assignments\nA poorly implemented DisplayPort Alt Mode port partner can indicate\nthat its pin assignment capabilities are greater than the maximum\nvalue, DP_PIN_ASSIGN_F. In this case, calls to pin_assignment_show\nwill cause a BRK exception due to an out of bounds array access.\nPrevent for loop in pin_assignment_show from accessing\ninvalid values in pin_assignments by adding DP_PIN_ASSIGN_MAX\nvalue in typec_dp.h and using i < DP_PIN_ASSIGN_MAX as a loop\ncondition.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38391"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40019",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ncrypto: essiv - Check ssize for decryption and in-place encryption\nMove the ssize check to the start in essiv_aead_crypt so that\nit's also checked for decryption and in-place encryption.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40019"
        }
      ],
      "release_date": "2025-10-24T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40088",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nhfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()\nThe hfsplus_strcasecmp() logic can trigger the issue:\n[  117.317703][ T9855] ==================================================================\n[  117.318353][ T9855] BUG: KASAN: slab-out-of-bounds in hfsplus_strcasecmp+0x1bc/0x490\n[  117.318991][ T9855] Read of size 2 at addr ffff88802160f40c by task repro/9855\n[  117.319577][ T9855]\n[  117.319773][ T9855] CPU: 0 UID: 0 PID: 9855 Comm: repro Not tainted 6.17.0-rc6 #33 PREEMPT(full)\n[  117.319780][ T9855] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[  117.319783][ T9855] Call Trace:\n[  117.319785][ T9855]  <TASK>\n[  117.319788][ T9855]  dump_stack_lvl+0x1c1/0x2a0\n[  117.319795][ T9855]  ? __virt_addr_valid+0x1c8/0x5c0\n[  117.319803][ T9855]  ? __pfx_dump_stack_lvl+0x10/0x10\n[  117.319808][ T9855]  ? rcu_is_watching+0x15/0xb0\n[  117.319816][ T9855]  ? lock_release+0x4b/0x3e0\n[  117.319821][ T9855]  ? __kasan_check_byte+0x12/0x40\n[  117.319828][ T9855]  ? __virt_addr_valid+0x1c8/0x5c0\n[  117.319835][ T9855]  ? __virt_addr_valid+0x4a5/0x5c0\n[  117.319842][ T9855]  print_report+0x17e/0x7e0\n[  117.319848][ T9855]  ? __virt_addr_valid+0x1c8/0x5c0\n[  117.319855][ T9855]  ? __virt_addr_valid+0x4a5/0x5c0\n[  117.319862][ T9855]  ? __phys_addr+0xd3/0x180\n[  117.319869][ T9855]  ? hfsplus_strcasecmp+0x1bc/0x490\n[  117.319876][ T9855]  kasan_report+0x147/0x180\n[  117.319882][ T9855]  ? hfsplus_strcasecmp+0x1bc/0x490\n[  117.319891][ T9855]  hfsplus_strcasecmp+0x1bc/0x490\n[  117.319900][ T9855]  ? __pfx_hfsplus_cat_case_cmp_key+0x10/0x10\n[  117.319906][ T9855]  hfs_find_rec_by_key+0xa9/0x1e0\n[  117.319913][ T9855]  __hfsplus_brec_find+0x18e/0x470\n[  117.319920][ T9855]  ? __pfx_hfsplus_bnode_find+0x10/0x10\n[  117.319926][ T9855]  ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[  117.319933][ T9855]  ? __pfx___hfsplus_brec_find+0x10/0x10\n[  117.319942][ T9855]  hfsplus_brec_find+0x28f/0x510\n[  117.319949][ T9855]  ? __pfx_hfs_find_rec_by_key+0x10/0x10\n[  117.319956][ T9855]  ? __pfx_hfsplus_brec_find+0x10/0x10\n[  117.319963][ T9855]  ? __kmalloc_noprof+0x2a9/0x510\n[  117.319969][ T9855]  ? hfsplus_find_init+0x8c/0x1d0\n[  117.319976][ T9855]  hfsplus_brec_read+0x2b/0x120\n[  117.319983][ T9855]  hfsplus_lookup+0x2aa/0x890\n[  117.319990][ T9855]  ? __pfx_hfsplus_lookup+0x10/0x10\n[  117.320003][ T9855]  ? d_alloc_parallel+0x2f0/0x15e0\n[  117.320008][ T9855]  ? __lock_acquire+0xaec/0xd80\n[  117.320013][ T9855]  ? __pfx_d_alloc_parallel+0x10/0x10\n[  117.320019][ T9855]  ? __raw_spin_lock_init+0x45/0x100\n[  117.320026][ T9855]  ? __init_waitqueue_head+0xa9/0x150\n[  117.320034][ T9855]  __lookup_slow+0x297/0x3d0\n[  117.320039][ T9855]  ? __pfx___lookup_slow+0x10/0x10\n[  117.320045][ T9855]  ? down_read+0x1ad/0x2e0\n[  117.320055][ T9855]  lookup_slow+0x53/0x70\n[  117.320065][ T9855]  walk_component+0x2f0/0x430\n[  117.320073][ T9855]  path_lookupat+0x169/0x440\n[  117.320081][ T9855]  filename_lookup+0x212/0x590\n[  117.320089][ T9855]  ? __pfx_filename_lookup+0x10/0x10\n[  117.320098][ T9855]  ? strncpy_from_user+0x150/0x290\n[  117.320105][ T9855]  ? getname_flags+0x1e5/0x540\n[  117.320112][ T9855]  user_path_at+0x3a/0x60\n[  117.320117][ T9855]  __x64_sys_umount+0xee/0x160\n[  117.320123][ T9855]  ? __pfx___x64_sys_umount+0x10/0x10\n[  117.320129][ T9855]  ? do_syscall_64+0xb7/0x3a0\n[  117.320135][ T9855]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  117.320141][ T9855]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  117.320145][ T9855]  do_syscall_64+0xf3/0x3a0\n[  117.320150][ T9855]  ? exc_page_fault+0x9f/0xf0\n[  117.320154][ T9855]  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n[  117.320158][ T9855] RIP: 0033:0x7f7dd7908b07\n[  117.320163][ T9855] Code: 23 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 08\n[  117.320167][ T9855] RSP: 002b:00007ffd5ebd9698 EFLAGS: 00000202 \n---truncated---",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40088"
        }
      ],
      "release_date": "2025-10-30T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38371",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ndrm/v3d: Disable interrupts before resetting the GPU\nCurrently, an interrupt can be triggered during a GPU reset, which can\nlead to GPU hangs and NULL pointer dereference in an interrupt context\nas shown in the following trace:\n[  314.035040] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0\n[  314.043822] Mem abort info:\n[  314.046606]   ESR = 0x0000000096000005\n[  314.050347]   EC = 0x25: DABT (current EL), IL = 32 bits\n[  314.055651]   SET = 0, FnV = 0\n[  314.058695]   EA = 0, S1PTW = 0\n[  314.061826]   FSC = 0x05: level 1 translation fault\n[  314.066694] Data abort info:\n[  314.069564]   ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[  314.075039]   CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[  314.080080]   GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[  314.085382] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000102728000\n[  314.091814] [00000000000000c0] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000\n[  314.100511] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n[  314.106770] Modules linked in: v3d i2c_brcmstb vc4 snd_soc_hdmi_codec gpu_sched drm_shmem_helper drm_display_helper cec drm_dma_helper drm_kms_helper drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm snd_timer snd backlight\n[  314.129654] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.25+rpt-rpi-v8 #1  Debian 1:6.12.25-1+rpt1\n[  314.139388] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT)\n[  314.145211] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[  314.152165] pc : v3d_irq+0xec/0x2e0 [v3d]\n[  314.156187] lr : v3d_irq+0xe0/0x2e0 [v3d]\n[  314.160198] sp : ffffffc080003ea0\n[  314.163502] x29: ffffffc080003ea0 x28: ffffffec1f184980 x27: 021202b000000000\n[  314.170633] x26: ffffffec1f17f630 x25: ffffff8101372000 x24: ffffffec1f17d9f0\n[  314.177764] x23: 000000000000002a x22: 000000000000002a x21: ffffff8103252000\n[  314.184895] x20: 0000000000000001 x19: 00000000deadbeef x18: 0000000000000000\n[  314.192026] x17: ffffff94e51d2000 x16: ffffffec1dac3cb0 x15: c306000000000000\n[  314.199156] x14: 0000000000000000 x13: b2fc982e03cc5168 x12: 0000000000000001\n[  314.206286] x11: ffffff8103f8bcc0 x10: ffffffec1f196868 x9 : ffffffec1dac3874\n[  314.213416] x8 : 0000000000000000 x7 : 0000000000042a3a x6 : ffffff810017a180\n[  314.220547] x5 : ffffffec1ebad400 x4 : ffffffec1ebad320 x3 : 00000000000bebeb\n[  314.227677] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\n[  314.234807] Call trace:\n[  314.237243]  v3d_irq+0xec/0x2e0 [v3d]\n[  314.240906]  __handle_irq_event_percpu+0x58/0x218\n[  314.245609]  handle_irq_event+0x54/0xb8\n[  314.249439]  handle_fasteoi_irq+0xac/0x240\n[  314.253527]  handle_irq_desc+0x48/0x68\n[  314.257269]  generic_handle_domain_irq+0x24/0x38\n[  314.261879]  gic_handle_irq+0x48/0xd8\n[  314.265533]  call_on_irq_stack+0x24/0x58\n[  314.269448]  do_interrupt_handler+0x88/0x98\n[  314.273624]  el1_interrupt+0x34/0x68\n[  314.277193]  el1h_64_irq_handler+0x18/0x28\n[  314.281281]  el1h_64_irq+0x64/0x68\n[  314.284673]  default_idle_call+0x3c/0x168\n[  314.288675]  do_idle+0x1fc/0x230\n[  314.291895]  cpu_startup_entry+0x3c/0x50\n[  314.295810]  rest_init+0xe4/0xf0\n[  314.299030]  start_kernel+0x5e8/0x790\n[  314.302684]  __primary_switched+0x80/0x90\n[  314.306691] Code: 940029eb 360ffc13 f9442ea0 52800001 (f9406017)\n[  314.312775] ---[ end trace 0000000000000000 ]---\n[  314.317384] Kernel panic - not syncing: Oops: Fatal exception in interrupt\n[  314.324249] SMP: stopping secondary CPUs\n[  314.328167] Kernel Offset: 0x2b9da00000 from 0xffffffc080000000\n[  314.334076] PHYS_OFFSET: 0x0\n[  314.336946] CPU features: 0x08,00002013,c0200000,0200421b\n[  314.342337] Memory Limit: none\n[  314.345382] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\nBefore resetting the G\n---truncated---",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38371"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38389",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ndrm/i915/gt: Fix timeline left held on VMA alloc error\nThe following error has been reported sporadically by CI when a test\nunbinds the i915 driver on a ring submission platform:\n<4> [239.330153] ------------[ cut here ]------------\n<4> [239.330166] i915 0000:00:02.0: [drm] drm_WARN_ON(dev_priv->mm.shrink_count)\n<4> [239.330196] WARNING: CPU: 1 PID: 18570 at drivers/gpu/drm/i915/i915_gem.c:1309 i915_gem_cleanup_early+0x13e/0x150 [i915]\n...\n<4> [239.330640] RIP: 0010:i915_gem_cleanup_early+0x13e/0x150 [i915]\n...\n<4> [239.330942] Call Trace:\n<4> [239.330944]  <TASK>\n<4> [239.330949]  i915_driver_late_release+0x2b/0xa0 [i915]\n<4> [239.331202]  i915_driver_release+0x86/0xa0 [i915]\n<4> [239.331482]  devm_drm_dev_init_release+0x61/0x90\n<4> [239.331494]  devm_action_release+0x15/0x30\n<4> [239.331504]  release_nodes+0x3d/0x120\n<4> [239.331517]  devres_release_all+0x96/0xd0\n<4> [239.331533]  device_unbind_cleanup+0x12/0x80\n<4> [239.331543]  device_release_driver_internal+0x23a/0x280\n<4> [239.331550]  ? bus_find_device+0xa5/0xe0\n<4> [239.331563]  device_driver_detach+0x14/0x20\n...\n<4> [357.719679] ---[ end trace 0000000000000000 ]---\nIf the test also unloads the i915 module then that's followed with:\n<3> [357.787478] =============================================================================\n<3> [357.788006] BUG i915_vma (Tainted: G     U  W        N ): Objects remaining on __kmem_cache_shutdown()\n<3> [357.788031] -----------------------------------------------------------------------------\n<3> [357.788204] Object 0xffff888109e7f480 @offset=29824\n<3> [357.788670] Allocated in i915_vma_instance+0xee/0xc10 [i915] age=292729 cpu=4 pid=2244\n<4> [357.788994]  i915_vma_instance+0xee/0xc10 [i915]\n<4> [357.789290]  init_status_page+0x7b/0x420 [i915]\n<4> [357.789532]  intel_engines_init+0x1d8/0x980 [i915]\n<4> [357.789772]  intel_gt_init+0x175/0x450 [i915]\n<4> [357.790014]  i915_gem_init+0x113/0x340 [i915]\n<4> [357.790281]  i915_driver_probe+0x847/0xed0 [i915]\n<4> [357.790504]  i915_pci_probe+0xe6/0x220 [i915]\n...\nCloser analysis of CI results history has revealed a dependency of the\nerror on a few IGT tests, namely:\n- igt@api_intel_allocator@fork-simple-stress-signal,\n- igt@api_intel_allocator@two-level-inception-interruptible,\n- igt@gem_linear_blits@interruptible,\n- igt@prime_mmap_coherency@ioctl-errors,\nwhich invisibly trigger the issue, then exhibited with first driver unbind\nattempt.\nAll of the above tests perform actions which are actively interrupted with\nsignals.  Further debugging has allowed to narrow that scope down to\nDRM_IOCTL_I915_GEM_EXECBUFFER2, and ring_context_alloc(), specific to ring\nsubmission, in particular.\nIf successful then that function, or its execlists or GuC submission\nequivalent, is supposed to be called only once per GEM context engine,\nfollowed by raise of a flag that prevents the function from being called\nagain.  The function is expected to unwind its internal errors itself, so\nit may be safely called once more after it returns an error.\nIn case of ring submission, the function first gets a reference to the\nengine's legacy timeline and then allocates a VMA.  If the VMA allocation\nfails, e.g. when i915_vma_instance() called from inside is interrupted\nwith a signal, then ring_context_alloc() fails, leaving the timeline held\nreferenced.  On next I915_GEM_EXECBUFFER2 IOCTL, another reference to the\ntimeline is got, and only that last one is put on successful completion.\nAs a consequence, the legacy timeline, with its underlying engine status\npage's VMA object, is still held and not released on driver unbind.\nGet the legacy timeline only after successful allocation of the context\nengine's VMA.\nv2: Add a note on other submission methods (Krzysztof Karas):\nBoth execlists and GuC submission use lrc_alloc() which seems free\nfrom a similar issue.\n(cherry picked from commit cc43422b3cc79eacff4c5a8ba0d224688ca9dd4f)",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38389"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38540",
      "cwe": {
        "id": "CWE-440",
        "name": "Expected Behavior Violation"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nHID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras\nThe Chicony Electronics HP 5MP Cameras (USB ID 04F2:B824 & 04F2:B82C)\nreport a HID sensor interface that is not actually implemented.\nAttempting to access this non-functional sensor via iio_info causes\nsystem hangs as runtime PM tries to wake up an unresponsive sensor.\nAdd these 2 devices to the HID ignore list since the sensor interface is\nnon-functional by design and should not be exposed to userspace.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38540"
        }
      ],
      "release_date": "2025-08-16T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38530",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ncomedi: pcl812: Fix bit shift out of bounds\nWhen checking for a supported IRQ number, the following test is used:\nif ((1 << it->options[1]) & board->irq_bits) {\nHowever, `it->options[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds.  Fix the test by\nrequiring `it->options[1]` to be within bounds before proceeding with\nthe original test.  Valid `it->options[1]` values that select the IRQ\nwill be in the range [1,15]. The value 0 explicitly disables the use of\ninterrupts.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38530"
        }
      ],
      "release_date": "2025-08-16T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38377",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nrose: fix dangling neighbour pointers in rose_rt_device_down()\nThere are two bugs in rose_rt_device_down() that can cause\nuse-after-free:\n1. The loop bound `t->count` is modified within the loop, which can\ncause the loop to terminate early and miss some entries.\n2. When removing an entry from the neighbour array, the subsequent entries\nare moved up to fill the gap, but the loop index `i` is still\nincremented, causing the next entry to be skipped.\nFor example, if a node has three neighbours (A, A, B) with count=3 and A\nis being removed, the second A is not checked.\ni=0: (A, A, B) -> (A, B) with count=2\n^ checked\ni=1: (A, B)    -> (A, B) with count=2\n^ checked (B, not A!)\ni=2: (doesn't occur because i < count is false)\nThis leaves the second A in the array with count=2, but the rose_neigh\nstructure has been freed. Code that accesses these entries assumes that\nthe first `count` entries are valid pointers, causing a use-after-free\nwhen it accesses the dangling pointer.\nFix both issues by iterating over the array in reverse order with a fixed\nloop bound. This ensures that all entries are examined and that the removal\nof an entry doesn't affect subsequent iterations.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38377"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40118",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nscsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod\nSince commit f7b705c238d1 (\"scsi: pm80xx: Set phy_attached to zero when\ndevice is gone\") UBSAN reports:\nUBSAN: array-index-out-of-bounds in drivers/scsi/pm8001/pm8001_sas.c:786:17\nindex 28 is out of range for type 'pm8001_phy [16]'\non rmmod when using an expander.\nFor a direct attached device, attached_phy contains the local phy id.\nFor a device behind an expander, attached_phy contains the remote phy\nid, not the local phy id.\nI.e. while pm8001_ha will have pm8001_ha->chip->n_phy local phys, for a\ndevice behind an expander, attached_phy can be much larger than\npm8001_ha->chip->n_phy (depending on the amount of phys of the\nexpander).\nE.g. on my system pm8001_ha has 8 phys with phy ids 0-7.  One of the\nports has an expander connected.  The expander has 31 phys with phy ids\n0-30.\nThe pm8001_ha->phy array only contains the phys of the HBA.  It does not\ncontain the phys of the expander.  Thus, it is wrong to use attached_phy\nto index the pm8001_ha->phy array for a device behind an expander.\nThus, we can only clear phy_attached for devices that are directly\nattached.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40118"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40070",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\npps: fix warning in pps_register_cdev when register device fail\nSimilar to previous commit 2a934fdb01db (\"media: v4l2-dev: fix error\nhandling in __video_register_device()\"), the release hook should be set\nbefore device_register(). Otherwise, when device_register() return error\nand put_device() try to callback the release function, the below warning\nmay happen.\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 4760 at drivers/base/core.c:2567 device_release+0x1bd/0x240 drivers/base/core.c:2567\nModules linked in:\nCPU: 1 UID: 0 PID: 4760 Comm: syz.4.914 Not tainted 6.17.0-rc3+ #1 NONE\nRIP: 0010:device_release+0x1bd/0x240 drivers/base/core.c:2567\nCall Trace:\n<TASK>\nkobject_cleanup+0x136/0x410 lib/kobject.c:689\nkobject_release lib/kobject.c:720 [inline]\nkref_put include/linux/kref.h:65 [inline]\nkobject_put+0xe9/0x130 lib/kobject.c:737\nput_device+0x24/0x30 drivers/base/core.c:3797\npps_register_cdev+0x2da/0x370 drivers/pps/pps.c:402\npps_register_source+0x2f6/0x480 drivers/pps/kapi.c:108\npps_tty_open+0x190/0x310 drivers/pps/clients/pps-ldisc.c:57\ntty_ldisc_open+0xa7/0x120 drivers/tty/tty_ldisc.c:432\ntty_set_ldisc+0x333/0x780 drivers/tty/tty_ldisc.c:563\ntiocsetd drivers/tty/tty_io.c:2429 [inline]\ntty_ioctl+0x5d1/0x1700 drivers/tty/tty_io.c:2728\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_sys_ioctl fs/ioctl.c:598 [inline]\n__se_sys_ioctl fs/ioctl.c:584 [inline]\n__x64_sys_ioctl+0x194/0x210 fs/ioctl.c:584\ndo_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0x5f/0x2a0 arch/x86/entry/syscall_64.c:94\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\n</TASK>\nBefore commit c79a39dc8d06 (\"pps: Fix a use-after-free\"),\npps_register_cdev() call device_create() to create pps->dev, which will\ninit dev->release to device_create_release(). Now the comment is outdated,\njust remove it.\nThanks for the reminder from Calvin Owens, 'kfree_pps' should be removed\nin pps_register_source() to avoid a double free in the failure case.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40070"
        }
      ],
      "release_date": "2025-10-28T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40055",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nocfs2: fix double free in user_cluster_connect()\nuser_cluster_disconnect() frees \"conn->cc_private\" which is \"lc\" but then\nthe error handling frees \"lc\" a second time.  Set \"lc\" to NULL on this\npath to avoid a double free.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40055"
        }
      ],
      "release_date": "2025-10-28T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38245",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\natm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().\nsyzbot reported a warning below during atm_dev_register(). [0]\nBefore creating a new device and procfs/sysfs for it, atm_dev_register()\nlooks up a duplicated device by __atm_dev_lookup().  These operations are\ndone under atm_dev_mutex.\nHowever, when removing a device in atm_dev_deregister(), it releases the\nmutex just after removing the device from the list that __atm_dev_lookup()\niterates over.\nSo, there will be a small race window where the device does not exist on\nthe device list but procfs/sysfs are still not removed, triggering the\nsplat.\nLet's hold the mutex until procfs/sysfs are removed in\natm_dev_deregister().\n[0]:\nproc_dir_entry 'atm/atmtcp:0' already registered\nWARNING: CPU: 0 PID: 5919 at fs/proc/generic.c:377 proc_register+0x455/0x5f0 fs/proc/generic.c:377\nModules linked in:\nCPU: 0 UID: 0 PID: 5919 Comm: syz-executor284 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nRIP: 0010:proc_register+0x455/0x5f0 fs/proc/generic.c:377\nCall Trace:\n<TASK>\nproc_create_data+0xbe/0x110 fs/proc/generic.c:585\natm_proc_dev_register+0x112/0x1e0 net/atm/proc.c:361\natm_dev_register+0x46d/0x890 net/atm/resources.c:113\natmtcp_create+0x77/0x210 drivers/atm/atmtcp.c:369\natmtcp_attach drivers/atm/atmtcp.c:403 [inline]\natmtcp_ioctl+0x2f9/0xd60 drivers/atm/atmtcp.c:464\ndo_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\nsock_do_ioctl+0x115/0x280 net/socket.c:1190\nsock_ioctl+0x227/0x6b0 net/socket.c:1311\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_sys_ioctl fs/ioctl.c:907 [inline]\n__se_sys_ioctl fs/ioctl.c:893 [inline]\n__x64_sys_ioctl+0x18b/0x210 fs/ioctl.c:893\ndo_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\n</TASK>",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38245"
        }
      ],
      "release_date": "2025-07-09T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2023-53259",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nVMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF\nThe call to get_user_pages_fast() in vmci_host_setup_notify() can return\nNULL context->notify_page causing a GPF. To avoid GPF check if\ncontext->notify_page == NULL and return error if so.\ngeneral protection fault, probably for non-canonical address\n0xe0009d1000000060: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: maybe wild-memory-access in range [0x0005088000000300-\n0x0005088000000307]\nCPU: 2 PID: 26180 Comm: repro_34802241 Not tainted 6.1.0-rc4 #1\nHardware name: Red Hat KVM, BIOS 1.15.0-2.module+el8.6.0 04/01/2014\nRIP: 0010:vmci_ctx_check_signal_notify+0x91/0xe0\nCall Trace:\n<TASK>\nvmci_host_unlocked_ioctl+0x362/0x1f40\n__x64_sys_ioctl+0x1a1/0x230\ndo_syscall_64+0x3a/0x90\nentry_SYSCALL_64_after_hwframe+0x63/0xcd",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-53259"
        }
      ],
      "release_date": "2025-09-15T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40027",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet/9p: fix double req put in p9_fd_cancelled\nSyzkaller reports a KASAN issue as below:\ngeneral protection fault, probably for non-canonical address 0xfbd59c0000000021: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: maybe wild-memory-access in range [0xdead000000000108-0xdead00000000010f]\nCPU: 0 PID: 5083 Comm: syz-executor.2 Not tainted 6.1.134-syzkaller-00037-g855bd1d7d838 #0\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014\nRIP: 0010:__list_del include/linux/list.h:114 [inline]\nRIP: 0010:__list_del_entry include/linux/list.h:137 [inline]\nRIP: 0010:list_del include/linux/list.h:148 [inline]\nRIP: 0010:p9_fd_cancelled+0xe9/0x200 net/9p/trans_fd.c:734\nCall Trace:\n<TASK>\np9_client_flush+0x351/0x440 net/9p/client.c:614\np9_client_rpc+0xb6b/0xc70 net/9p/client.c:734\np9_client_version net/9p/client.c:920 [inline]\np9_client_create+0xb51/0x1240 net/9p/client.c:1027\nv9fs_session_init+0x1f0/0x18f0 fs/9p/v9fs.c:408\nv9fs_mount+0xba/0xcb0 fs/9p/vfs_super.c:126\nlegacy_get_tree+0x108/0x220 fs/fs_context.c:632\nvfs_get_tree+0x8e/0x300 fs/super.c:1573\ndo_new_mount fs/namespace.c:3056 [inline]\npath_mount+0x6a6/0x1e90 fs/namespace.c:3386\ndo_mount fs/namespace.c:3399 [inline]\n__do_sys_mount fs/namespace.c:3607 [inline]\n__se_sys_mount fs/namespace.c:3584 [inline]\n__x64_sys_mount+0x283/0x300 fs/namespace.c:3584\ndo_syscall_x64 arch/x86/entry/common.c:51 [inline]\ndo_syscall_64+0x35/0x80 arch/x86/entry/common.c:81\nentry_SYSCALL_64_after_hwframe+0x6e/0xd8\nThis happens because of a race condition between:\n- The 9p client sending an invalid flush request and later cleaning it up;\n- The 9p client in p9_read_work() canceled all pending requests.\nThread 1                              Thread 2\n...\np9_client_create()\n...\np9_fd_create()\n...\np9_conn_create()\n...\n// start Thread 2\nINIT_WORK(&m->rq, 
p9_read_work);\np9_read_work()\n...\np9_client_rpc()\n...\n...\np9_conn_cancel()\n...\nspin_lock(&m->req_lock);\n...\np9_fd_cancelled()\n...\n...\nspin_unlock(&m->req_lock);\n// status rewrite\np9_client_cb(m->client, req, REQ_STATUS_ERROR)\n// first remove\nlist_del(&req->req_list);\n...\nspin_lock(&m->req_lock)\n...\n// second remove\nlist_del(&req->req_list);\nspin_unlock(&m->req_lock)\n...\nCommit 74d6a5d56629 (\"9p/trans_fd: Fix concurrency del of req_list in\np9_fd_cancelled/p9_read_work\") fixes a concurrency issue in the 9p filesystem\nclient where the req_list could be deleted simultaneously by both\np9_read_work and p9_fd_cancelled functions, but for the case where req->status\nequals REQ_STATUS_RCVD.\nUpdate the check for req->status in p9_fd_cancelled to skip processing not\njust received requests, but anything that is not SENT, as whatever\nchanged the state from SENT also removed the request from its list.\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.\n[updated the check from status == RECV || status == ERROR to status != SENT]",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40027"
        }
      ],
      "release_date": "2025-10-28T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40026",
      "cwe": {
        "id": "CWE-754",
        "name": "Improper Check for Unusual or Exceptional Conditions"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nKVM: x86: Don't (re)check L1 intercepts when completing userspace I/O\nWhen completing emulation of instruction that generated a userspace exit\nfor I/O, don't recheck L1 intercepts as KVM has already finished that\nphase of instruction execution, i.e. has already committed to allowing L2\nto perform I/O.  If L1 (or host userspace) modifies the I/O permission\nbitmaps during the exit to userspace,  KVM will treat the access as being\nintercepted despite already having emulated the I/O access.\nPivot on EMULTYPE_NO_DECODE to detect that KVM is completing emulation.\nOf the three users of EMULTYPE_NO_DECODE, only complete_emulated_io() (the\nintended \"recipient\") can reach the code in question.  gp_interception()'s\nuse is mutually exclusive with is_guest_mode(), and\ncomplete_emulated_insn_gp() unconditionally pairs EMULTYPE_NO_DECODE with\nEMULTYPE_SKIP.\nThe bad behavior was detected by a syzkaller program that toggles port I/O\ninterception during the userspace I/O exit, ultimately resulting in a WARN\non vcpu->arch.pio.count being non-zero due to KVM no completing emulation\nof the I/O instruction.\nWARNING: CPU: 23 PID: 1083 at arch/x86/kvm/x86.c:8039 emulator_pio_in_out+0x154/0x170 [kvm]\nModules linked in: kvm_intel kvm irqbypass\nCPU: 23 UID: 1000 PID: 1083 Comm: repro Not tainted 6.16.0-rc5-c1610d2d66b1-next-vm #74 NONE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\nRIP: 0010:emulator_pio_in_out+0x154/0x170 [kvm]\nPKRU: 55555554\nCall Trace:\n<TASK>\nkvm_fast_pio+0xd6/0x1d0 [kvm]\nvmx_handle_exit+0x149/0x610 [kvm_intel]\nkvm_arch_vcpu_ioctl_run+0xda8/0x1ac0 [kvm]\nkvm_vcpu_ioctl+0x244/0x8c0 [kvm]\n__x64_sys_ioctl+0x8a/0xd0\ndo_syscall_64+0x5d/0xc60\nentry_SYSCALL_64_after_hwframe+0x4b/0x53\n</TASK>",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40026"
        }
      ],
      "release_date": "2025-10-28T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38497",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nusb: gadget: configfs: Fix OOB read on empty string write\nWhen writing an empty string to either 'qw_sign' or 'landingPage'\nsysfs attributes, the store functions attempt to access page[l - 1]\nbefore validating that the length 'l' is greater than zero.\nThis patch fixes the vulnerability by adding a check at the beginning\nof os_desc_qw_sign_store() and webusb_landingPage_store() to handle\nthe zero-length input case gracefully by returning immediately.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38497"
        }
      ],
      "release_date": "2025-07-28T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38482",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ncomedi: das6402: Fix bit shift out of bounds\nWhen checking for a supported IRQ number, the following test is used:\n/* IRQs 2,3,5,6,7, 10,11,15 are valid for \"enhanced\" mode */\nif ((1 << it->options[1]) & 0x8cec) {\nHowever, `it->options[i]` is an unchecked `int` value from userspace, so\nthe shift amount could be negative or out of bounds.  Fix the test by\nrequiring `it->options[1]` to be within bounds before proceeding with\nthe original test.  Valid `it->options[1]` values that select the IRQ\nwill be in the range [1,15]. The value 0 explicitly disables the use of\ninterrupts.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38482"
        }
      ],
      "release_date": "2025-07-28T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38467",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ndrm/exynos: exynos7_drm_decon: add vblank check in IRQ handling\nIf there's support for another console device (such as a TTY serial),\nthe kernel occasionally panics during boot. The panic message and a\nrelevant snippet of the call stack is as follows:\nUnable to handle kernel NULL pointer dereference at virtual address 000000000000000\nCall trace:\ndrm_crtc_handle_vblank+0x10/0x30 (P)\ndecon_irq_handler+0x88/0xb4\n[...]\nOtherwise, the panics don't happen. This indicates that it's some sort\nof race condition.\nAdd a check to validate if the drm device can handle vblanks before\ncalling drm_crtc_handle_vblank() to avoid this.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38467"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38464",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ntipc: Fix use-after-free in tipc_conn_close().\nsyzbot reported a null-ptr-deref in tipc_conn_close() during netns\ndismantle. [0]\ntipc_topsrv_stop() iterates tipc_net(net)->topsrv->conn_idr and calls\ntipc_conn_close() for each tipc_conn.\nThe problem is that tipc_conn_close() is called after releasing the\nIDR lock.\nAt the same time, there might be tipc_conn_recv_work() running and it\ncould call tipc_conn_close() for the same tipc_conn and release its\nlast ->kref.\nOnce we release the IDR lock in tipc_topsrv_stop(), there is no\nguarantee that the tipc_conn is alive.\nLet's hold the ref before releasing the lock and put the ref after\ntipc_conn_close() in tipc_topsrv_stop().\n[0]:\nBUG: KASAN: use-after-free in tipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165\nRead of size 8 at addr ffff888099305a08 by task kworker/u4:3/435\nCPU: 0 PID: 435 Comm: kworker/u4:3 Not tainted 4.19.204-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: netns cleanup_net\nCall Trace:\n__dump_stack lib/dump_stack.c:77 [inline]\ndump_stack+0x1fc/0x2ef lib/dump_stack.c:118\nprint_address_description.cold+0x54/0x219 mm/kasan/report.c:256\nkasan_report_error.cold+0x8a/0x1b9 mm/kasan/report.c:354\nkasan_report mm/kasan/report.c:412 [inline]\n__asan_report_load8_noabort+0x88/0x90 mm/kasan/report.c:433\ntipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165\ntipc_topsrv_stop net/tipc/topsrv.c:701 [inline]\ntipc_topsrv_exit_net+0x27b/0x5c0 net/tipc/topsrv.c:722\nops_exit_list+0xa5/0x150 net/core/net_namespace.c:153\ncleanup_net+0x3b4/0x8b0 net/core/net_namespace.c:553\nprocess_one_work+0x864/0x1570 kernel/workqueue.c:2153\nworker_thread+0x64c/0x1130 kernel/workqueue.c:2296\nkthread+0x33f/0x460 kernel/kthread.c:259\nret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\nAllocated by task 23:\nkmem_cache_alloc_trace+0x12f/0x380 
mm/slab.c:3625\nkmalloc include/linux/slab.h:515 [inline]\nkzalloc include/linux/slab.h:709 [inline]\ntipc_conn_alloc+0x43/0x4f0 net/tipc/topsrv.c:192\ntipc_topsrv_accept+0x1b5/0x280 net/tipc/topsrv.c:470\nprocess_one_work+0x864/0x1570 kernel/workqueue.c:2153\nworker_thread+0x64c/0x1130 kernel/workqueue.c:2296\nkthread+0x33f/0x460 kernel/kthread.c:259\nret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\nFreed by task 23:\n__cache_free mm/slab.c:3503 [inline]\nkfree+0xcc/0x210 mm/slab.c:3822\ntipc_conn_kref_release net/tipc/topsrv.c:150 [inline]\nkref_put include/linux/kref.h:70 [inline]\nconn_put+0x2cd/0x3a0 net/tipc/topsrv.c:155\nprocess_one_work+0x864/0x1570 kernel/workqueue.c:2153\nworker_thread+0x64c/0x1130 kernel/workqueue.c:2296\nkthread+0x33f/0x460 kernel/kthread.c:259\nret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\nThe buggy address belongs to the object at ffff888099305a00\nwhich belongs to the cache kmalloc-512 of size 512\nThe buggy address is located 8 bytes inside of\n512-byte region [ffff888099305a00, ffff888099305c00)\nThe buggy address belongs to the page:\npage:ffffea000264c140 count:1 mapcount:0 mapping:ffff88813bff0940 index:0x0\nflags: 0xfff00000000100(slab)\nraw: 00fff00000000100 ffffea00028b6b88 ffffea0002cd2b08 ffff88813bff0940\nraw: 0000000000000000 ffff888099305000 0000000100000006 0000000000000000\npage dumped because: kasan: bad access detected\nMemory state around the buggy address:\nffff888099305900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\nffff888099305980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n>ffff888099305a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n^\nffff888099305a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\nffff888099305b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38464"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-38460",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\natm: clip: Fix potential null-ptr-deref in to_atmarpd().\natmarpd is protected by RTNL since commit f3a0592b37b8 (\"[ATM]: clip\ncauses unregister hang\").\nHowever, it is not enough because to_atmarpd() is called without RTNL,\nespecially clip_neigh_solicit() / neigh_ops->solicit() is unsleepable.\nAlso, there is no RTNL dependency around atmarpd.\nLet's use a private mutex and RCU to protect access to atmarpd in\nto_atmarpd().",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38460"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38458",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\natm: clip: Fix NULL pointer dereference in vcc_sendmsg()\natmarpd_dev_ops does not implement the send method, which may cause crash\nas bellow.\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: Oops: 0010 [#1] SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.15.0-rc6-syzkaller-00346-g5723cc3450bc #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at 0xffffffffffffffd6.\nRSP: 0018:ffffc9000d3cf778 EFLAGS: 00010246\nRAX: 1ffffffff1910dd1 RBX: 00000000000000c0 RCX: dffffc0000000000\nRDX: ffffc9000dc82000 RSI: ffff88803e4c4640 RDI: ffff888052cd0000\nRBP: ffffc9000d3cf8d0 R08: ffff888052c9143f R09: 1ffff1100a592287\nR10: dffffc0000000000 R11: 0000000000000000 R12: 1ffff92001a79f00\nR13: ffff888052cd0000 R14: ffff88803e4c4640 R15: ffffffff8c886e88\nFS:  00007fbc762566c0(0000) GS:ffff88808d6c2000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffffffffffffd6 CR3: 0000000041f1b000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n<TASK>\nvcc_sendmsg+0xa10/0xc50 net/atm/common.c:644\nsock_sendmsg_nosec net/socket.c:712 [inline]\n__sock_sendmsg+0x219/0x270 net/socket.c:727\n____sys_sendmsg+0x52d/0x830 net/socket.c:2566\n___sys_sendmsg+0x21f/0x2a0 net/socket.c:2620\n__sys_sendmmsg+0x227/0x430 net/socket.c:2709\n__do_sys_sendmmsg net/socket.c:2736 [inline]\n__se_sys_sendmmsg net/socket.c:2733 [inline]\n__x64_sys_sendmmsg+0xa0/0xc0 net/socket.c:2733\ndo_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0xf6/0x210 arch/x86/entry/syscall_64.c:94\nentry_SYSCALL_64_after_hwframe+0x77/0x7f",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38458"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38448",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nusb: gadget: u_serial: Fix race condition in TTY wakeup\nA race condition occurs when gs_start_io() calls either gs_start_rx() or\ngs_start_tx(), as those functions briefly drop the port_lock for\nusb_ep_queue(). This allows gs_close() and gserial_disconnect() to clear\nport.tty and port_usb, respectively.\nUse the null-safe TTY Port helper function to wake up TTY.\nExample\nCPU1:      CPU2:\ngserial_connect() // lock\ngs_close() // await lock\ngs_start_rx()     // unlock\nusb_ep_queue()\ngs_close() // lock, reset port.tty and unlock\ngs_start_rx()     // lock\ntty_wakeup()      // NPE",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38448"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38445",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nmd/raid1: Fix stack memory use after return in raid1_reshape\nIn the raid1_reshape function, newpool is\nallocated on the stack and assigned to conf->r1bio_pool.\nThis results in conf->r1bio_pool.wait.head pointing\nto a stack address.\nAccessing this address later can lead to a kernel panic.\nExample access path:\nraid1_reshape()\n{\n// newpool is on the stack\nmempool_t newpool, oldpool;\n// initialize newpool.wait.head to stack address\nmempool_init(&newpool, ...);\nconf->r1bio_pool = newpool;\n}\nraid1_read_request() or raid1_write_request()\n{\nalloc_r1bio()\n{\nmempool_alloc()\n{\n// if pool->alloc fails\nremove_element()\n{\n--pool->curr_nr;\n}\n}\n}\n}\nmempool_free()\n{\nif (pool->curr_nr < pool->min_nr) {\n// pool->wait.head is a stack address\n// wake_up() will try to access this invalid address\n// which leads to a kernel panic\nreturn;\nwake_up(&pool->wait);\n}\n}\nFix:\nreinit conf->r1bio_pool.wait after assigning newpool.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38445"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-38406",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nwifi: ath6kl: remove WARN on bad firmware input\nIf the firmware gives bad input, that's nothing to do with\nthe driver's stack at this point etc., so the WARN_ON()\ndoesn't add any value. Additionally, this is one of the\ntop syzbot reports now. Just print a message, and as an\nadded bonus, print the sizes too.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38406"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38404",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nusb: typec: displayport: Fix potential deadlock\nThe deadlock can occur due to a recursive lock acquisition of\n`cros_typec_altmode_data::mutex`.\nThe call chain is as follows:\n1. cros_typec_altmode_work() acquires the mutex\n2. typec_altmode_vdm() -> dp_altmode_vdm() ->\n3. typec_altmode_exit() -> cros_typec_altmode_exit()\n4. cros_typec_altmode_exit() attempts to acquire the mutex again\nTo prevent this, defer the `typec_altmode_exit()` call by scheduling\nit rather than calling it directly from within the mutex-protected\ncontext.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38404"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38403",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nvsock/vmci: Clear the vmci transport packet properly when initializing it\nIn vmci_transport_packet_init memset the vmci_transport_packet before\npopulating the fields to avoid any uninitialised data being left in the\nstructure.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38403"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-38401",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nmtk-sd: Prevent memory corruption from DMA map failure\nIf msdc_prepare_data() fails to map the DMA region, the request is\nnot prepared for data receiving, but msdc_start_data() proceeds with\nthe DMA using the previous setting.\nSince this will lead to memory corruption, we have to stop the\nrequest operation soon after the msdc_prepare_data() fails to\nprepare it.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38401"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38400",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nnfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.\nsyzbot reported a warning below [1] following a fault injection in\nnfs_fs_proc_net_init(). [0]\nWhen nfs_fs_proc_net_init() fails, /proc/net/rpc/nfs is not removed.\nLater, rpc_proc_exit() tries to remove /proc/net/rpc, and the warning\nis logged as the directory is not empty.\nLet's handle the error of nfs_fs_proc_net_init() properly.\n[0]:\nFAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 0\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nCall Trace:\n<TASK>\ndump_stack_lvl (lib/dump_stack.c:123)\nshould_fail_ex (lib/fault-inject.c:73 lib/fault-inject.c:174)\nshould_failslab (mm/failslab.c:46)\nkmem_cache_alloc_noprof (mm/slub.c:4178 mm/slub.c:4204)\n__proc_create (fs/proc/generic.c:427)\nproc_create_reg (fs/proc/generic.c:554)\nproc_create_net_data (fs/proc/proc_net.c:120)\nnfs_fs_proc_net_init (fs/nfs/client.c:1409)\nnfs_net_init (fs/nfs/inode.c:2600)\nops_init (net/core/net_namespace.c:138)\nsetup_net (net/core/net_namespace.c:443)\ncopy_net_ns (net/core/net_namespace.c:576)\ncreate_new_namespaces (kernel/nsproxy.c:110)\nunshare_nsproxy_namespaces (kernel/nsproxy.c:218 (discriminator 4))\nksys_unshare (kernel/fork.c:3123)\n__x64_sys_unshare (kernel/fork.c:3190)\ndo_syscall_64 (arch/x86/entry/syscall_64.c:63 arch/x86/entry/syscall_64.c:94)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n</TASK>\n[1]:\nremove_proc_entry: removing non-empty directory 'net/rpc', leaking at least 'nfs'\nWARNING: CPU: 1 PID: 6120 at fs/proc/generic.c:727 remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\nModules linked in:\nCPU: 1 UID: 0 PID: 6120 Comm: syz.2.27 Not tainted 6.16.0-rc1-syzkaller-00010-g2c4a1f3fe03e 
#0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nRIP: 0010:remove_proc_entry+0x45e/0x530 fs/proc/generic.c:727\nCall Trace:\n<TASK>\nsunrpc_exit_net+0x46/0x90 net/sunrpc/sunrpc_syms.c:76\nops_exit_list net/core/net_namespace.c:200 [inline]\nops_undo_list+0x2eb/0xab0 net/core/net_namespace.c:253\nsetup_net+0x2e1/0x510 net/core/net_namespace.c:457\ncopy_net_ns+0x2a6/0x5f0 net/core/net_namespace.c:574\ncreate_new_namespaces+0x3ea/0xa90 kernel/nsproxy.c:110\nunshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:218\nksys_unshare+0x45b/0xa40 kernel/fork.c:3121\n__do_sys_unshare kernel/fork.c:3192 [inline]\n__se_sys_unshare kernel/fork.c:3190 [inline]\n__x64_sys_unshare+0x31/0x40 kernel/fork.c:3190\ndo_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0xcd/0x490 arch/x86/entry/syscall_64.c:94\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\n---truncated---",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38400"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38395",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nregulator: gpio: Fix the out-of-bounds access to drvdata::gpiods\ndrvdata::gpiods is supposed to hold an array of 'gpio_desc' pointers. But\nthe memory is allocated for only one pointer. This will lead to\nout-of-bounds access later in the code if 'config::ngpios' is > 1. So\nfix the code to allocate enough memory to hold 'config::ngpios' of GPIO\ndescriptors.\nWhile at it, also move the check for memory allocation failure to be below\nthe allocation to make it more readable.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38395"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38386",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nACPICA: Refuse to evaluate a method if arguments are missing\nAs reported in [1], a platform firmware update that increased the number\nof method parameters and forgot to update at least one of its callers,\ncaused ACPICA to crash due to use-after-free.\nSince this is a result of a clear AML issue that arguably cannot be fixed\nup by the interpreter (it cannot produce missing data out of thin air),\naddress it by making ACPICA refuse to evaluate a method if the caller\nattempts to pass fewer arguments than expected to it.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38386"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-38495",
      "cwe": {
        "id": "CWE-131",
        "name": "Incorrect Calculation of Buffer Size"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nHID: core: ensure the allocated report buffer can contain the reserved report ID\nWhen the report ID is not used, the low level transport drivers expect\nthe first byte to be 0. However, currently the allocated buffer does not\naccount for that extra byte, meaning that instead of having 8 guaranteed\nbytes for implement to be working, we only have 7.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38495"
        }
      ],
      "release_date": "2025-07-28T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38494",
      "cwe": {
        "id": "CWE-805",
        "name": "Buffer Access with Incorrect Length Value"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nHID: core: do not bypass hid_hw_raw_request\nhid_hw_raw_request() is actually useful to ensure the provided buffer\nand length are valid. Directly calling in the low level transport driver\nfunction bypassed those checks and allowed invalid param to be used.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38494"
        }
      ],
      "release_date": "2025-07-28T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38477",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet/sched: sch_qfq: Fix race condition on qfq_aggregate\nA race condition can occur when 'agg' is modified in qfq_change_agg\n(called during qfq_enqueue) while other threads access it\nconcurrently. For example, qfq_dump_class may trigger a NULL\ndereference, and qfq_delete_class may cause a use-after-free.\nThis patch addresses the issue by:\n1. Moved qfq_destroy_class into the critical section.\n2. Added sch_tree_lock protection to qfq_dump_class and\nqfq_dump_class_stats.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38477"
        }
      ],
      "release_date": "2025-07-28T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-38387",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nRDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert\nThe obj_event may be loaded immediately after inserted, then if the\nlist_head is not initialized then we may get a poisonous pointer.  This\nfixes the crash below:\nmlx5_core 0000:03:00.0: MLX5E: StrdRq(1) RqSz(8) StrdSz(2048) RxCqeCmprss(0 enhanced)\nmlx5_core.sf mlx5_core.sf.4: firmware version: 32.38.3056\nmlx5_core 0000:03:00.0 en3f0pf0sf2002: renamed from eth0\nmlx5_core.sf mlx5_core.sf.4: Rate limit: 127 rates are supported, range: 0Mbps to 195312Mbps\nIPv6: ADDRCONF(NETDEV_CHANGE): en3f0pf0sf2002: link becomes ready\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000060\nMem abort info:\nESR = 0x96000006\nEC = 0x25: DABT (current EL), IL = 32 bits\nSET = 0, FnV = 0\nEA = 0, S1PTW = 0\nData abort info:\nISV = 0, ISS = 0x00000006\nCM = 0, WnR = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=00000007760fb000\n[0000000000000060] pgd=000000076f6d7003, p4d=000000076f6d7003, pud=0000000777841003, pmd=0000000000000000\nInternal error: Oops: 96000006 [#1] SMP\nModules linked in: ipmb_host(OE) act_mirred(E) cls_flower(E) sch_ingress(E) mptcp_diag(E) udp_diag(E) raw_diag(E) unix_diag(E) tcp_diag(E) inet_diag(E) binfmt_misc(E) bonding(OE) rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) isofs(E) cdrom(E) mst_pciconf(OE) ib_umad(OE) mlx5_ib(OE) ipmb_dev_int(OE) mlx5_core(OE) kpatch_15237886(OEK) mlxdevm(OE) auxiliary(OE) ib_uverbs(OE) ib_core(OE) psample(E) mlxfw(OE) tls(E) sunrpc(E) vfat(E) fat(E) crct10dif_ce(E) ghash_ce(E) sha1_ce(E) sbsa_gwdt(E) virtio_console(E) ext4(E) mbcache(E) jbd2(E) xfs(E) libcrc32c(E) mmc_block(E) virtio_net(E) net_failover(E) failover(E) sha2_ce(E) sha256_arm64(E) nvme(OE) nvme_core(OE) gpio_mlxbf3(OE) mlx_compat(OE) mlxbf_pmc(OE) i2c_mlxbf(OE) sdhci_of_dwcmshc(OE) pinctrl_mlxbf3(OE) mlxbf_pka(OE) gpio_generic(E) i2c_core(E) mmc_core(E) mlxbf_gige(OE) 
vitesse(E) pwr_mlxbf(OE) mlxbf_tmfifo(OE) micrel(E) mlxbf_bootctl(OE) virtio_ring(E) virtio(E) ipmi_devintf(E) ipmi_msghandler(E)\n[last unloaded: mst_pci]\nCPU: 11 PID: 20913 Comm: rte-worker-11 Kdump: loaded Tainted: G           OE K   5.10.134-13.1.an8.aarch64 #1\nHardware name: https://www.mellanox.com BlueField-3 SmartNIC Main Card/BlueField-3 SmartNIC Main Card, BIOS 4.2.2.12968 Oct 26 2023\npstate: a0400089 (NzCv daIf +PAN -UAO -TCO BTYPE=--)\npc : dispatch_event_fd+0x68/0x300 [mlx5_ib]\nlr : devx_event_notifier+0xcc/0x228 [mlx5_ib]\nsp : ffff80001005bcf0\nx29: ffff80001005bcf0 x28: 0000000000000001\nx27: ffff244e0740a1d8 x26: ffff244e0740a1d0\nx25: ffffda56beff5ae0 x24: ffffda56bf911618\nx23: ffff244e0596a480 x22: ffff244e0596a480\nx21: ffff244d8312ad90 x20: ffff244e0596a480\nx19: fffffffffffffff0 x18: 0000000000000000\nx17: 0000000000000000 x16: ffffda56be66d620\nx15: 0000000000000000 x14: 0000000000000000\nx13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000040 x10: ffffda56bfcafb50\nx9 : ffffda5655c25f2c x8 : 0000000000000010\nx7 : 0000000000000000 x6 : ffff24545a2e24b8\nx5 : 0000000000000003 x4 : ffff80001005bd28\nx3 : 0000000000000000 x2 : 0000000000000000\nx1 : ffff244e0596a480 x0 : ffff244d8312ad90\nCall trace:\ndispatch_event_fd+0x68/0x300 [mlx5_ib]\ndevx_event_notifier+0xcc/0x228 [mlx5_ib]\natomic_notifier_call_chain+0x58/0x80\nmlx5_eq_async_int+0x148/0x2b0 [mlx5_core]\natomic_notifier_call_chain+0x58/0x80\nirq_int_handler+0x20/0x30 [mlx5_core]\n__handle_irq_event_percpu+0x60/0x220\nhandle_irq_event_percpu+0x3c/0x90\nhandle_irq_event+0x58/0x158\nhandle_fasteoi_irq+0xfc/0x188\ngeneric_handle_irq+0x34/0x48\n...",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38387"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40044",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nfs: udf: fix OOB read in lengthAllocDescs handling\nWhen parsing Allocation Extent Descriptor, lengthAllocDescs comes from\non-disk data and must be validated against the block size. Crafted or\ncorrupted images may set lengthAllocDescs so that the total descriptor\nlength (sizeof(allocExtDesc) + lengthAllocDescs) exceeds the buffer,\nleading udf_update_tag() to call crc_itu_t() on out-of-bounds memory and\ntrigger a KASAN use-after-free read.\nBUG: KASAN: use-after-free in crc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\nRead of size 1 at addr ffff888041e7d000 by task syz-executor317/5309\nCPU: 0 UID: 0 PID: 5309 Comm: syz-executor317 Not tainted 6.12.0-rc4-syzkaller-00261-g850925a8133c #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nCall Trace:\n<TASK>\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:377 [inline]\nprint_report+0x169/0x550 mm/kasan/report.c:488\nkasan_report+0x143/0x180 mm/kasan/report.c:601\ncrc_itu_t+0x1d5/0x2b0 lib/crc-itu-t.c:60\nudf_update_tag+0x70/0x6a0 fs/udf/misc.c:261\nudf_write_aext+0x4d8/0x7b0 fs/udf/inode.c:2179\nextent_trunc+0x2f7/0x4a0 fs/udf/truncate.c:46\nudf_truncate_tail_extent+0x527/0x7e0 fs/udf/truncate.c:106\nudf_release_file+0xc1/0x120 fs/udf/file.c:185\n__fput+0x23f/0x880 fs/file_table.c:431\ntask_work_run+0x24f/0x310 kernel/task_work.c:239\nexit_task_work include/linux/task_work.h:43 [inline]\ndo_exit+0xa2f/0x28e0 kernel/exit.c:939\ndo_group_exit+0x207/0x2c0 kernel/exit.c:1088\n__do_sys_exit_group kernel/exit.c:1099 [inline]\n__se_sys_exit_group kernel/exit.c:1097 [inline]\n__x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097\nx64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xf3/0x230 
arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\n</TASK>\nValidate the computed total length against epos->bh->b_size.\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40044"
        }
      ],
      "release_date": "2025-10-28T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2024-41013",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: don't walk off the end of a directory data block\n\nThis adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry\nto make sure we don't stray beyond the valid memory region. Before patching, the\nloop simply checks that the start offset of the dup and dep is within the\nrange. So in a crafted image, if the last entry is xfs_dir2_data_unused, we\ncan change dup->length to dup->length-1 and leave 1 byte of space. In the\nnext traversal, this space will be considered as dup or dep. We may\nencounter an out-of-bounds read when accessing the fixed members.\n\nIn the patch, we make sure that the remaining bytes are large enough to hold\nan unused entry before accessing xfs_dir2_data_unused and\nxfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make\nsure that the remaining bytes are large enough to hold a dirent with a\nsingle-byte name before accessing xfs_dir2_data_entry.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-41013"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a",
          "url": "https://git.kernel.org/stable/c/0c7fcdb6d06cdf8b19b57c17605215b06afa864a"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/b0932e4f9da85349d1c8f2a77d2a7a7163b8511d",
          "url": "https://git.kernel.org/stable/c/b0932e4f9da85349d1c8f2a77d2a7a7163b8511d"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/ca96d83c93071f95cf962ce92406621a472df31b",
          "url": "https://git.kernel.org/stable/c/ca96d83c93071f95cf962ce92406621a472df31b"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html",
          "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
        }
      ],
      "release_date": "2024-07-29T07:15:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-40115",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nscsi: mpt3sas: Fix crash in transport port remove by using ioc_info()\nDuring mpt3sas_transport_port_remove(), messages were logged with\ndev_printk() against &mpt3sas_port->port->dev. At this point the SAS\ntransport device may already be partially unregistered or freed, leading\nto a crash when accessing its struct device.\nUsing ioc_info(), which logs via the PCI device (ioc->pdev->dev),\nguaranteed to remain valid until driver removal.\n[83428.295776] Oops: general protection fault, probably for non-canonical address 0x6f702f323a33312d: 0000 [#1] SMP NOPTI\n[83428.295785] CPU: 145 UID: 0 PID: 113296 Comm: rmmod Kdump: loaded Tainted: G           OE       6.16.0-rc1+ #1 PREEMPT(voluntary)\n[83428.295792] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n[83428.295795] Hardware name: Dell Inc. Precision 7875 Tower/, BIOS 89.1.67 02/23/2024\n[83428.295799] RIP: 0010:__dev_printk+0x1f/0x70\n[83428.295805] Code: 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 49 89 d1 48 85 f6 74 52 4c 8b 46 50 4d 85 c0 74 1f 48 8b 46 68 48 85 c0 74 22 <48> 8b 08 0f b6 7f 01 48 c7 c2 db e8 42 ad 83 ef 30 e9 7b f8 ff ff\n[83428.295813] RSP: 0018:ff85aeafc3137bb0 EFLAGS: 00010206\n[83428.295817] RAX: 6f702f323a33312d RBX: ff4290ee81292860 RCX: 5000cca25103be32\n[83428.295820] RDX: ff85aeafc3137bb8 RSI: ff4290eeb1966c00 RDI: ffffffffc1560845\n[83428.295823] RBP: ff85aeafc3137c18 R08: 74726f702f303a33 R09: ff85aeafc3137bb8\n[83428.295826] R10: ff85aeafc3137b18 R11: ff4290f5bd60fe68 R12: ff4290ee81290000\n[83428.295830] R13: ff4290ee6e345de0 R14: ff4290ee81290000 R15: ff4290ee6e345e30\n[83428.295833] FS:  00007fd9472a6740(0000) GS:ff4290f5ce96b000(0000) knlGS:0000000000000000\n[83428.295837] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[83428.295840] CR2: 00007f242b4db238 CR3: 00000002372b8006 CR4: 0000000000771ef0\n[83428.295844] PKRU: 55555554\n[83428.295846] Call Trace:\n[83428.295848]  
<TASK>\n[83428.295850]  _dev_printk+0x5c/0x80\n[83428.295857]  ? srso_alias_return_thunk+0x5/0xfbef5\n[83428.295863]  mpt3sas_transport_port_remove+0x1c7/0x420 [mpt3sas]\n[83428.295882]  _scsih_remove_device+0x21b/0x280 [mpt3sas]\n[83428.295894]  ? _scsih_expander_node_remove+0x108/0x140 [mpt3sas]\n[83428.295906]  ? srso_alias_return_thunk+0x5/0xfbef5\n[83428.295910]  mpt3sas_device_remove_by_sas_address.part.0+0x8f/0x110 [mpt3sas]\n[83428.295921]  _scsih_expander_node_remove+0x129/0x140 [mpt3sas]\n[83428.295933]  _scsih_expander_node_remove+0x6a/0x140 [mpt3sas]\n[83428.295944]  scsih_remove+0x3f0/0x4a0 [mpt3sas]\n[83428.295957]  pci_device_remove+0x3b/0xb0\n[83428.295962]  device_release_driver_internal+0x193/0x200\n[83428.295968]  driver_detach+0x44/0x90\n[83428.295971]  bus_remove_driver+0x69/0xf0\n[83428.295975]  pci_unregister_driver+0x2a/0xb0\n[83428.295979]  _mpt3sas_exit+0x1f/0x300 [mpt3sas]\n[83428.295991]  __do_sys_delete_module.constprop.0+0x174/0x310\n[83428.295997]  ? srso_alias_return_thunk+0x5/0xfbef5\n[83428.296000]  ? __x64_sys_getdents64+0x9a/0x110\n[83428.296005]  ? srso_alias_return_thunk+0x5/0xfbef5\n[83428.296009]  ? syscall_trace_enter+0xf6/0x1b0\n[83428.296014]  do_syscall_64+0x7b/0x2c0\n[83428.296019]  ? srso_alias_return_thunk+0x5/0xfbef5\n[83428.296023]  entry_SYSCALL_64_after_hwframe+0x76/0x7e",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40115"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40186",
      "cwe": {
        "id": "CWE-826",
        "name": "Premature Release of Resource During Expected Lifetime"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ntcp: Don't call reqsk_fastopen_remove() in tcp_conn_request().\nsyzbot reported the splat below in tcp_conn_request(). [0]\nIf a listener is close()d while a TFO socket is being processed in\ntcp_conn_request(), inet_csk_reqsk_queue_add() does not set reqsk->sk\nand calls inet_child_forget(), which calls tcp_disconnect() for the\nTFO socket.\nAfter the cited commit, tcp_disconnect() calls reqsk_fastopen_remove(),\nwhere reqsk_put() is called due to !reqsk->sk.\nThen, reqsk_fastopen_remove() in tcp_conn_request() decrements the\nlast req->rsk_refcnt and frees reqsk, and __reqsk_free() at the\ndrop_and_free label causes the refcount underflow for the listener\nand double-free of the reqsk.\nLet's remove reqsk_fastopen_remove() in tcp_conn_request().\nNote that other callers make sure tp->fastopen_rsk is not NULL.\n[0]:\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 12 PID: 5563 at lib/refcount.c:28 refcount_warn_saturate (lib/refcount.c:28)\nModules linked in:\nCPU: 12 UID: 0 PID: 5563 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\nRIP: 0010:refcount_warn_saturate (lib/refcount.c:28)\nCode: ab e8 8e b4 98 ff 0f 0b c3 cc cc cc cc cc 80 3d a4 e4 d6 01 00 75 9c c6 05 9b e4 d6 01 01 48 c7 c7 e8 df fb ab e8 6a b4 98 ff <0f> 0b e9 03 5b 76 00 cc 80 3d 7d e4 d6 01 00 0f 85 74 ff ff ff c6\nRSP: 0018:ffffa79fc0304a98 EFLAGS: 00010246\nRAX: d83af4db1c6b3900 RBX: ffff9f65c7a69020 RCX: d83af4db1c6b3900\nRDX: 0000000000000000 RSI: 00000000ffff7fff RDI: ffffffffac78a280\nRBP: 000000009d781b60 R08: 0000000000007fff R09: ffffffffac6ca280\nR10: 0000000000017ffd R11: 0000000000000004 R12: ffff9f65c7b4f100\nR13: ffff9f65c7d23c00 R14: ffff9f65c7d26000 R15: ffff9f65c7a64ef8\nFS:  00007f9f962176c0(0000) GS:ffff9f65fcf00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 
0000000080050033\nCR2: 0000200000000180 CR3: 000000000dbbe006 CR4: 0000000000372ef0\nCall Trace:\n<IRQ>\ntcp_conn_request (./include/linux/refcount.h:400 ./include/linux/refcount.h:432 ./include/linux/refcount.h:450 ./include/net/sock.h:1965 ./include/net/request_sock.h:131 net/ipv4/tcp_input.c:7301)\ntcp_rcv_state_process (net/ipv4/tcp_input.c:6708)\ntcp_v6_do_rcv (net/ipv6/tcp_ipv6.c:1670)\ntcp_v6_rcv (net/ipv6/tcp_ipv6.c:1906)\nip6_protocol_deliver_rcu (net/ipv6/ip6_input.c:438)\nip6_input (net/ipv6/ip6_input.c:500)\nipv6_rcv (net/ipv6/ip6_input.c:311)\n__netif_receive_skb (net/core/dev.c:6104)\nprocess_backlog (net/core/dev.c:6456)\n__napi_poll (net/core/dev.c:7506)\nnet_rx_action (net/core/dev.c:7569 net/core/dev.c:7696)\nhandle_softirqs (kernel/softirq.c:579)\ndo_softirq (kernel/softirq.c:480)\n</IRQ>",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40186"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-38211",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nRDMA/iwcm: Fix use-after-free of work objects after cm_id destruction\nThe commit 59c68ac31e15 (\"iw_cm: free cm_id resources on the last\nderef\") simplified cm_id resource management by freeing cm_id once all\nreferences to the cm_id were removed. The references are removed either\nupon completion of iw_cm event handlers or when the application destroys\nthe cm_id. This commit introduced the use-after-free condition where\ncm_id_private object could still be in use by event handler works during\nthe destruction of cm_id. The commit aee2424246f9 (\"RDMA/iwcm: Fix a\nuse-after-free related to destroying CM IDs\") addressed this use-after-\nfree by flushing all pending works at the cm_id destruction.\nHowever, still another use-after-free possibility remained. It happens\nwith the work objects allocated for each cm_id_priv within\nalloc_work_entries() during cm_id creation, and subsequently freed in\ndealloc_work_entries() once all references to the cm_id are removed.\nIf the cm_id's last reference is decremented in the event handler work,\nthe work object for the work itself gets removed, and causes the use-\nafter-free BUG below:\nBUG: KASAN: slab-use-after-free in __pwq_activate_work+0x1ff/0x250\nRead of size 8 at addr ffff88811f9cf800 by task kworker/u16:1/147091\nCPU: 2 UID: 0 PID: 147091 Comm: kworker/u16:1 Not tainted 6.15.0-rc2+ #27 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\nWorkqueue:  0x0 (iw_cm_wq)\nCall Trace:\n<TASK>\ndump_stack_lvl+0x6a/0x90\nprint_report+0x174/0x554\n? __virt_addr_valid+0x208/0x430\n? __pwq_activate_work+0x1ff/0x250\nkasan_report+0xae/0x170\n? __pwq_activate_work+0x1ff/0x250\n__pwq_activate_work+0x1ff/0x250\npwq_dec_nr_in_flight+0x8c5/0xfb0\nprocess_one_work+0xc11/0x1460\n? __pfx_process_one_work+0x10/0x10\n? assign_work+0x16c/0x240\nworker_thread+0x5ef/0xfd0\n? 
__pfx_worker_thread+0x10/0x10\nkthread+0x3b0/0x770\n? __pfx_kthread+0x10/0x10\n? rcu_is_watching+0x11/0xb0\n? _raw_spin_unlock_irq+0x24/0x50\n? rcu_is_watching+0x11/0xb0\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x30/0x70\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1a/0x30\n</TASK>\nAllocated by task 147416:\nkasan_save_stack+0x2c/0x50\nkasan_save_track+0x10/0x30\n__kasan_kmalloc+0xa6/0xb0\nalloc_work_entries+0xa9/0x260 [iw_cm]\niw_cm_connect+0x23/0x4a0 [iw_cm]\nrdma_connect_locked+0xbfd/0x1920 [rdma_cm]\nnvme_rdma_cm_handler+0x8e5/0x1b60 [nvme_rdma]\ncma_cm_event_handler+0xae/0x320 [rdma_cm]\ncma_work_handler+0x106/0x1b0 [rdma_cm]\nprocess_one_work+0x84f/0x1460\nworker_thread+0x5ef/0xfd0\nkthread+0x3b0/0x770\nret_from_fork+0x30/0x70\nret_from_fork_asm+0x1a/0x30\nFreed by task 147091:\nkasan_save_stack+0x2c/0x50\nkasan_save_track+0x10/0x30\nkasan_save_free_info+0x37/0x60\n__kasan_slab_free+0x4b/0x70\nkfree+0x13a/0x4b0\ndealloc_work_entries+0x125/0x1f0 [iw_cm]\niwcm_deref_id+0x6f/0xa0 [iw_cm]\ncm_work_handler+0x136/0x1ba0 [iw_cm]\nprocess_one_work+0x84f/0x1460\nworker_thread+0x5ef/0xfd0\nkthread+0x3b0/0x770\nret_from_fork+0x30/0x70\nret_from_fork_asm+0x1a/0x30\nLast potentially related work creation:\nkasan_save_stack+0x2c/0x50\nkasan_record_aux_stack+0xa3/0xb0\n__queue_work+0x2ff/0x1390\nqueue_work_on+0x67/0xc0\ncm_event_handler+0x46a/0x820 [iw_cm]\nsiw_cm_upcall+0x330/0x650 [siw]\nsiw_cm_work_handler+0x6b9/0x2b20 [siw]\nprocess_one_work+0x84f/0x1460\nworker_thread+0x5ef/0xfd0\nkthread+0x3b0/0x770\nret_from_fork+0x30/0x70\nret_from_fork_asm+0x1a/0x30\nThis BUG is reproducible by repeating the blktests test case nvme/061\nfor the rdma transport and the siw driver.\nTo avoid the use-after-free of cm_id_private work objects, ensure that\nthe last reference to the cm_id is decremented not in the event handler\nworks, but in the cm_id destruction context. For that purpose, mo\n---truncated---",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38211"
        }
      ],
      "release_date": "2025-07-04T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-38459",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\natm: clip: Fix infinite recursive call of clip_push().\nsyzbot reported the splat below. [0]\nThis happens if we call ioctl(ATMARP_MKIP) more than once.\nDuring the first call, clip_mkip() sets clip_push() to vcc->push(),\nand the second call copies it to clip_vcc->old_push().\nLater, when the socket is close()d, vcc_destroy_socket() passes\nNULL skb to clip_push(), which calls clip_vcc->old_push(),\ntriggering the infinite recursion.\nLet's prevent the second ioctl(ATMARP_MKIP) by checking\nvcc->user_back, which is allocated by the first call as clip_vcc.\nNote also that we use lock_sock() to prevent racy calls.\n[0]:\nBUG: TASK stack guard page was hit at ffffc9000d66fff8 (stack is ffffc9000d670000..ffffc9000d678000)\nOops: stack guard page: 0000 [#1] SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:clip_push+0x5/0x720 net/atm/clip.c:191\nCode: e0 8f aa 8c e8 1c ad 5b fa eb ae 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 <41> 57 41 56 41 55 41 54 53 48 83 ec 20 48 89 f3 49 89 fd 48 bd 00\nRSP: 0018:ffffc9000d670000 EFLAGS: 00010246\nRAX: 1ffff1100235a4a5 RBX: ffff888011ad2508 RCX: ffff8880003c0000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888037f01000\nRBP: dffffc0000000000 R08: ffffffff8fa104f7 R09: 1ffffffff1f4209e\nR10: dffffc0000000000 R11: ffffffff8a99b300 R12: ffffffff8a99b300\nR13: ffff888037f01000 R14: ffff888011ad2500 R15: ffff888037f01578\nFS:  000055557ab6d500(0000) GS:ffff88808d250000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffc9000d66fff8 CR3: 0000000043172000 CR4: 0000000000352ef0\nCall Trace:\n<TASK>\nclip_push+0x6dc/0x720 net/atm/clip.c:200\nclip_push+0x6dc/0x720 
net/atm/clip.c:200\nclip_push+0x6dc/0x720 net/atm/clip.c:200\n...\nclip_push+0x6dc/0x720 net/atm/clip.c:200\nclip_push+0x6dc/0x720 net/atm/clip.c:200\nclip_push+0x6dc/0x720 net/atm/clip.c:200\nvcc_destroy_socket net/atm/common.c:183 [inline]\nvcc_release+0x157/0x460 net/atm/common.c:205\n__sock_release net/socket.c:647 [inline]\nsock_close+0xc0/0x240 net/socket.c:1391\n__fput+0x449/0xa70 fs/file_table.c:465\ntask_work_run+0x1d1/0x260 kernel/task_work.c:227\nresume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\nexit_to_user_mode_loop+0xec/0x110 kernel/entry/common.c:114\nexit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]\nsyscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]\nsyscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]\ndo_syscall_64+0x2bd/0x3b0 arch/x86/entry/syscall_64.c:100\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff31c98e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fffb5aa1f78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4\nRAX: 0000000000000000 RBX: 0000000000012747 RCX: 00007ff31c98e929\nRDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003\nRBP: 00007ff31cbb7ba0 R08: 0000000000000001 R09: 0000000db5aa226f\nR10: 00007ff31c7ff030 R11: 0000000000000246 R12: 00007ff31cbb608c\nR13: 00007ff31cbb6080 R14: ffffffffffffffff R15: 00007fffb5aa2090\n</TASK>\nModules linked in:",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38459"
        }
      ],
      "release_date": "2025-07-25T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-38514",
      "cwe": {
        "id": "CWE-253",
        "name": "Incorrect Check of Function Return Value"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nrxrpc: Fix oops due to non-existence of prealloc backlog struct\nIf an AF_RXRPC service socket is opened and bound, but calls are\npreallocated, then rxrpc_alloc_incoming_call() will oops because the\nrxrpc_backlog struct doesn't get allocated until the first preallocation is\nmade.\nFix this by returning NULL from rxrpc_alloc_incoming_call() if there is no\nbacklog struct.  This will cause the incoming call to be aborted.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38514"
        }
      ],
      "release_date": "2025-08-16T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-38230",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\njfs: validate AG parameters in dbMount() to prevent crashes\nValidate db_agheight, db_agwidth, and db_agstart in dbMount to catch\ncorrupted metadata early and avoid undefined behavior in dbAllocAG.\nLimits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE:\n- agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift\n(L2LPERCTL - 2*agheight) >= 0.\n- agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight))\nensures agperlev >= 1.\n- Ranges: 1-8 (agheight 0-3), 1-4 (agheight 4), 1 (agheight 5).\n- LPERCTL/MAXAG = 1024/128 = 8 limits leaves per AG;\n2^(10 - 2*agheight) prevents division to 0.\n- agstart: 0 to CTLTREESIZE-1 - agwidth*(MAXAG-1) keeps ti within\nstree (size 1365).\n- Ranges: 0-1237 (agwidth 1), 0-348 (agwidth 8).\nUBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:1400:9\nshift exponent -335544310 is negative\nCPU: 0 UID: 0 PID: 5822 Comm: syz-executor130 Not tainted 6.14.0-rc5-syzkaller #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025\nCall Trace:\n<TASK>\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\nubsan_epilogue lib/ubsan.c:231 [inline]\n__ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468\ndbAllocAG+0x1087/0x10b0 fs/jfs/jfs_dmap.c:1400\ndbDiscardAG+0x352/0xa20 fs/jfs/jfs_dmap.c:1613\njfs_ioc_trim+0x45a/0x6b0 fs/jfs/jfs_discard.c:105\njfs_ioctl+0x2cd/0x3e0 fs/jfs/ioctl.c:131\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_sys_ioctl fs/ioctl.c:906 [inline]\n__se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38230"
        }
      ],
      "release_date": "2025-07-04T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-38229",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nmedia: cxusb: no longer judge rbuf when the write fails\nsyzbot reported an uninit-value in cxusb_i2c_xfer. [1]\nOnly when the write operation of usb_bulk_msg() in dvb_usb_generic_rw()\nsucceeds and rlen is greater than 0, the read operation of usb_bulk_msg()\nwill be executed to read rlen bytes of data from the dvb device into the\nrbuf.\nIn this case, although rlen is 1, the write operation failed which resulted\nin the dvb read operation not being executed, and ultimately variable i was\nnot initialized.\n[1]\nBUG: KMSAN: uninit-value in cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\nBUG: KMSAN: uninit-value in cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\ncxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\ncxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n__i2c_transfer+0xe25/0x3150 drivers/i2c/i2c-core-base.c:-1\ni2c_transfer+0x317/0x4a0 drivers/i2c/i2c-core-base.c:2315\ni2c_transfer_buffer_flags+0x125/0x1e0 drivers/i2c/i2c-core-base.c:2343\ni2c_master_send include/linux/i2c.h:109 [inline]\ni2cdev_write+0x210/0x280 drivers/i2c/i2c-dev.c:183\ndo_loop_readv_writev fs/read_write.c:848 [inline]\nvfs_writev+0x963/0x14e0 fs/read_write.c:1057\ndo_writev+0x247/0x5c0 fs/read_write.c:1101\n__do_sys_writev fs/read_write.c:1169 [inline]\n__se_sys_writev fs/read_write.c:1166 [inline]\n__x64_sys_writev+0x98/0xe0 fs/read_write.c:1166\nx64_sys_call+0x2229/0x3c80 arch/x86/include/generated/asm/syscalls_64.h:21\ndo_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0xcd/0x1e0 arch/x86/entry/syscall_64.c:94\nentry_SYSCALL_64_after_hwframe+0x77/0x7f",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38229"
        }
      ],
      "release_date": "2025-07-04T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-38102",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nVMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify\nDuring our test, it is found that a warning can be triggered in try_grab_folio\nas follows:\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 1678 at mm/gup.c:147 try_grab_folio+0x106/0x130\nModules linked in:\nCPU: 0 UID: 0 PID: 1678 Comm: syz.3.31 Not tainted 6.15.0-rc5 #163 PREEMPT(undef)\nRIP: 0010:try_grab_folio+0x106/0x130\nCall Trace:\n<TASK>\nfollow_huge_pmd+0x240/0x8e0\nfollow_pmd_mask.constprop.0.isra.0+0x40b/0x5c0\nfollow_pud_mask.constprop.0.isra.0+0x14a/0x170\nfollow_page_mask+0x1c2/0x1f0\n__get_user_pages+0x176/0x950\n__gup_longterm_locked+0x15b/0x1060\n? gup_fast+0x120/0x1f0\ngup_fast_fallback+0x17e/0x230\nget_user_pages_fast+0x5f/0x80\nvmci_host_unlocked_ioctl+0x21c/0xf80\nRIP: 0033:0x54d2cd\n---[ end trace 0000000000000000 ]---\nDigging into the source, context->notify_page may init by get_user_pages_fast\nand can be seen in vmci_ctx_unset_notify which will try to put_page. However\nget_user_pages_fast is not finished here and lead to following\ntry_grab_folio warning. The race condition is shown as follows:\ncpu0 cpu1\nvmci_host_do_set_notify\nvmci_host_setup_notify\nget_user_pages_fast(uva, 1, FOLL_WRITE, &context->notify_page);\nlockless_pages_from_mm\ngup_pgd_range\ngup_huge_pmd  // update &context->notify_page\nvmci_host_do_set_notify\nvmci_ctx_unset_notify\nnotify_page = context->notify_page;\nif (notify_page)\nput_page(notify_page);// page is freed\n__gup_longterm_locked\n__get_user_pages\nfollow_trans_huge_pmd\ntry_grab_folio // warn here\nTo solve this, use local variable page to make notify_page can be seen\nafter finish get_user_pages_fast.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38102"
        }
      ],
      "release_date": "2025-07-03T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2024-50022",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevice-dax: correct pgoff align in dax_set_mapping()\n\npgoff should be aligned using ALIGN_DOWN() instead of ALIGN().  Otherwise,\nvmf->address not aligned to fault_size will be aligned to the next\nalignment, that can result in memory failure getting the wrong address.\n\nIt's a subtle situation that only can be observed in\npage_mapped_in_vma() after the page is page fault handled by\ndev_dax_huge_fault.  Generally, there is little chance to perform\npage_mapped_in_vma in dev-dax's page unless in specific error injection\nto the dax device to trigger an MCE - memory-failure.  In that case,\npage_mapped_in_vma() will be triggered to determine which task is\naccessing the failure address and kill that task in the end.\n\n\nWe used self-developed dax device (which is 2M aligned mapping) , to\nperform error injection to random address.  It turned out that error\ninjected to non-2M-aligned address was causing endless MCE until panic.\nBecause page_mapped_in_vma() kept resulting wrong address and the task\naccessing the failure address was never killed properly:\n\n\n[ 3783.719419] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3784.049006] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3784.049190] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3784.448042] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3784.448186] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3784.792026] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3784.792179] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3785.162502] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3785.162633] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3785.461116] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3785.461247] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3785.764730] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3785.764859] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3786.042128] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3786.042259] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3786.464293] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3786.464423] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3786.818090] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3786.818217] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n[ 3787.085297] mce: Uncorrected hardware memory error in user-access at \n200c9742380\n[ 3787.085424] Memory failure: 0x200c9742: recovery action for dax page: \nRecovered\n\nIt took us several weeks to pinpoint this problem,  but we eventually\nused bpftrace to trace the page fault and mce address and successfully\nidentified the issue.\n\n\nJoao added:\n\n; Likely we never reproduce in production because we always pin\n: device-dax regions in the region align they provide (Qemu does\n: similarly with prealloc in hugetlb/file backed memory).  I think this\n: bug requires that we touch *unpinned* device-dax regions unaligned to\n: the device-dax selected alignment (page size i.e.  4K/2M/1G)",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2024-50022"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/7fcbd9785d4c17ea533c42f20a9083a83f301fa6",
          "url": "https://git.kernel.org/stable/c/7fcbd9785d4c17ea533c42f20a9083a83f301fa6"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/9c4198dfdca818c5ce19c764d90eabd156bbc6da",
          "url": "https://git.kernel.org/stable/c/9c4198dfdca818c5ce19c764d90eabd156bbc6da"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/b822007e8db341d6f175c645ed79866db501ad86",
          "url": "https://git.kernel.org/stable/c/b822007e8db341d6f175c645ed79866db501ad86"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/e877427d218159ac29c9326100920d24330c9ee6",
          "url": "https://git.kernel.org/stable/c/e877427d218159ac29c9326100920d24330c9ee6"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",
          "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
        }
      ],
      "release_date": "2024-10-21T20:15:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40204",
      "cwe": {
        "id": "CWE-208",
        "name": "Observable Timing Discrepancy"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nsctp: Fix MAC comparison to be constant-time\nTo prevent timing attacks, MACs need to be compared in constant time.\nUse the appropriate helper function for this.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40204"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40198",
      "cwe": {
        "id": "CWE-170",
        "name": "Improper Null Termination"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\next4: avoid potential buffer over-read in parse_apply_sb_mount_options()\nUnlike other strings in the ext4 superblock, we rely on tune2fs to\nmake sure s_mount_opts is NUL terminated.  Harden\nparse_apply_sb_mount_options() by treating s_mount_opts as a potential\n__nonstring.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40198"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40197",
      "cwe": {
        "id": "CWE-908",
        "name": "Use of Uninitialized Resource"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nmedia: mc: Clear minor number before put device\nThe device minor should not be cleared after the device is released.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40197"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40194",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ncpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()\nThe cpufreq_cpu_put() call in update_qos_request() takes place too early\nbecause the latter subsequently calls freq_qos_update_request() that\nindirectly accesses the policy object in question through the QoS request\nobject passed to it.\nFortunately, update_qos_request() is called under intel_pstate_driver_lock,\nso this issue does not matter for changing the intel_pstate operation\nmode, but it theoretically can cause a crash to occur on CPU device hot\nremoval (which currently can only happen in virt, but it is formally\nsupported nevertheless).\nAddress this issue by modifying update_qos_request() to drop the\nreference to the policy later.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40194"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40154",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping\nWhen an invalid value is passed via quirk option, currently\nbytcr_rt5640 driver only shows an error message but leaves as is.\nThis may lead to unexpected results like OOB access.\nThis patch corrects the input mapping to the certain default value if\nan invalid value is passed.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40154"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-40153",
      "cwe": {
        "id": "CWE-667",
        "name": "Improper Locking"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nmm: hugetlb: avoid soft lockup when mprotect to large memory area\nWhen calling mprotect() to a large hugetlb memory area in our customer's\nworkload (~300GB hugetlb memory), soft lockup was observed:\nwatchdog: BUG: soft lockup - CPU#98 stuck for 23s! [t2_new_sysv:126916]\nCPU: 98 PID: 126916 Comm: t2_new_sysv Kdump: loaded Not tainted 6.17-rc7\nHardware name: GIGACOMPUTING R2A3-T40-AAV1/Jefferson CIO, BIOS 5.4.4.1 07/15/2025\npstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : mte_clear_page_tags+0x14/0x24\nlr : mte_sync_tags+0x1c0/0x240\nsp : ffff80003150bb80\nx29: ffff80003150bb80 x28: ffff00739e9705a8 x27: 0000ffd2d6a00000\nx26: 0000ff8e4bc00000 x25: 00e80046cde00f45 x24: 0000000000022458\nx23: 0000000000000000 x22: 0000000000000004 x21: 000000011b380000\nx20: ffff000000000000 x19: 000000011b379f40 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : ffffc875e0aa5e2c\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : fffffc01ce7a5c00 x4 : 00000000046cde00 x3 : fffffc0000000000\nx2 : 0000000000000004 x1 : 0000000000000040 x0 : ffff0046cde7c000\nCall trace:\n  mte_clear_page_tags+0x14/0x24\n  set_huge_pte_at+0x25c/0x280\n  hugetlb_change_protection+0x220/0x430\n  change_protection+0x5c/0x8c\n  mprotect_fixup+0x10c/0x294\n  do_mprotect_pkey.constprop.0+0x2e0/0x3d4\n  __arm64_sys_mprotect+0x24/0x44\n  invoke_syscall+0x50/0x160\n  el0_svc_common+0x48/0x144\n  do_el0_svc+0x30/0xe0\n  el0_svc+0x30/0xf0\n  el0t_64_sync_handler+0xc4/0x148\n  el0t_64_sync+0x1a4/0x1a8\nSoft lockup is not triggered with THP or base page because there is\ncond_resched() called for each PMD size.\nAlthough the soft lockup was triggered by MTE, it should be not MTE\nspecific. The other processing which takes long time in the loop may\ntrigger soft lockup too.\nSo add cond_resched() for hugetlb to avoid soft lockup.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40153"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40140",
      "cwe": {
        "id": "CWE-366",
        "name": "Race Condition within a Thread"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast\nsyzbot reported WARNING in rtl8150_start_xmit/usb_submit_urb.\nThis is the sequence of events that leads to the warning:\nrtl8150_start_xmit() {\nnetif_stop_queue();\nusb_submit_urb(dev->tx_urb);\n}\nrtl8150_set_multicast() {\nnetif_stop_queue();\nnetif_wake_queue();<-- wakes up TX queue before URB is done\n}\nrtl8150_start_xmit() {\nnetif_stop_queue();\nusb_submit_urb(dev->tx_urb);<-- double submission\n}\nrtl8150_set_multicast being the ndo_set_rx_mode callback should not be\ncalling netif_stop_queue and notif_start_queue as these handle\nTX queue synchronization.\nThe net core function dev_set_rx_mode handles the synchronization\nfor rtl8150_set_multicast making it safe to remove these locks.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40140"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40134",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ndm: fix NULL pointer dereference in __dm_suspend()\nThere is a race condition between dm device suspend and table load that\ncan lead to null pointer dereference. The issue occurs when suspend is\ninvoked before table load completes:\nBUG: kernel NULL pointer dereference, address: 0000000000000054\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 6 PID: 6798 Comm: dmsetup Not tainted 6.6.0-g7e52f5f0ca9b #62\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014\nRIP: 0010:blk_mq_wait_quiesce_done+0x0/0x50\nCall Trace:\n<TASK>\nblk_mq_quiesce_queue+0x2c/0x50\ndm_stop_queue+0xd/0x20\n__dm_suspend+0x130/0x330\ndm_suspend+0x11a/0x180\ndev_suspend+0x27e/0x560\nctl_ioctl+0x4cf/0x850\ndm_ctl_ioctl+0xd/0x20\nvfs_ioctl+0x1d/0x50\n__se_sys_ioctl+0x9b/0xc0\n__x64_sys_ioctl+0x19/0x30\nx64_sys_call+0x2c4a/0x4620\ndo_syscall_64+0x9e/0x1b0\nThe issue can be triggered as below:\nT1 T2\ndm_suspend table_load\n__dm_suspend dm_setup_md_queue\ndm_mq_init_request_queue\nblk_mq_init_allocated_queue\n=> q->mq_ops = set->ops; (1)\ndm_stop_queue / dm_wait_for_completion\n=> q->tag_set NULL pointer! (2)\n=> q->tag_set = set; (3)\nFix this by checking if a valid table (map) exists before performing\nrequest-based suspend and waiting for target I/O. When map is NULL,\nskip these table-dependent suspend steps.\nEven when map is NULL, no I/O can reach any target because there is\nno table loaded; I/O submitted in this state will fail early in the\nDM layer. Skipping the table-dependent suspend logic in this case\nis safe and avoids NULL pointer dereferences.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40134"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40126",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nsparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC\nThe referenced commit introduced exception handlers on user-space memory\nreferences in copy_from_user and copy_to_user. These handlers return from\nthe respective function and calculate the remaining bytes left to copy\nusing the current register contents. This commit fixes a couple of bad\ncalculations. This will fix the return value of copy_from_user and\ncopy_to_user in the faulting case. The behaviour of memcpy stays unchanged.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40126"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40124",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nsparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III\nAnthony Yznaga tracked down that a BUG_ON in ext4 code with large folios\nenabled resulted from copy_from_user() returning impossibly large values\ngreater than the size to be copied. This led to __copy_from_iter()\nreturning impossible values instead of the actual number of bytes it was\nable to copy.\nThe BUG_ON has been reported in\nhttps://lore.kernel.org/r/b14f55642207e63e907965e209f6323a0df6dcee.camel@physik.fu-berlin.de\nThe referenced commit introduced exception handlers on user-space memory\nreferences in copy_from_user and copy_to_user. These handlers return from\nthe respective function and calculate the remaining bytes left to copy\nusing the current register contents. The exception handlers expect that\n%o2 has already been masked during the bulk copy loop, but the masking was\nperformed after that loop. This will fix the return value of copy_from_user\nand copy_to_user in the faulting case. The behaviour of memcpy stays\nunchanged.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40124"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40112",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsparc: fix accurate exception reporting in copy_{from_to}_user for Niagara\n\nThe referenced commit introduced exception handlers on user-space memory\nreferences in copy_from_user and copy_to_user. These handlers return from\nthe respective function and calculate the remaining bytes left to copy\nusing the current register contents. This commit fixes a couple of bad\ncalculations and a broken epilogue in the exception handlers. This will\nprevent crashes and ensure correct return values of copy_from_user and\ncopy_to_user in the faulting case. The behaviour of memcpy stays unchanged.",
          "title": "Vulnerability description"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40112"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/05440320ea3e249d5f984918f2bf51210c1a7c03",
          "url": "https://git.kernel.org/stable/c/05440320ea3e249d5f984918f2bf51210c1a7c03"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/088c5098ec6d6b0396edfbf3dad3e81de8469c1c",
          "url": "https://git.kernel.org/stable/c/088c5098ec6d6b0396edfbf3dad3e81de8469c1c"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/0b67c8fc10b13a9090340c5f8a37d308f4e1571c",
          "url": "https://git.kernel.org/stable/c/0b67c8fc10b13a9090340c5f8a37d308f4e1571c"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/37547d8e6eba87507279ee3dfddfd9dc46335454",
          "url": "https://git.kernel.org/stable/c/37547d8e6eba87507279ee3dfddfd9dc46335454"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/7823fc4d8ab5e57f8db7806ff2530c03c166c4bb",
          "url": "https://git.kernel.org/stable/c/7823fc4d8ab5e57f8db7806ff2530c03c166c4bb"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/8cdeb5e482d3fdce7e825444b6ca3865e24c0228",
          "url": "https://git.kernel.org/stable/c/8cdeb5e482d3fdce7e825444b6ca3865e24c0228"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/a365ee556e45f780ee322b349a06efdad0c1458f",
          "url": "https://git.kernel.org/stable/c/a365ee556e45f780ee322b349a06efdad0c1458f"
        },
        {
          "category": "external",
          "summary": "https://git.kernel.org/stable/c/a90ce516a73dbe087f9bf3dbf311301a58d125c6",
          "url": "https://git.kernel.org/stable/c/a90ce516a73dbe087f9bf3dbf311301a58d125c6"
        }
      ],
      "release_date": "2025-11-12T11:15:00Z",
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-40111",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ndrm/vmwgfx: Fix Use-after-free in validation\nNodes stored in the validation duplicates hashtable come from an arena\nallocator that is cleared at the end of vmw_execbuf_process. All nodes\nare expected to be cleared in vmw_validation_drop_ht but this node escaped\nbecause its resource was destroyed prematurely.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40111"
        }
      ],
      "release_date": "2025-11-12T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40106",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ncomedi: fix divide-by-zero in comedi_buf_munge()\nThe comedi_buf_munge() function performs a modulo operation\n`async->munge_chan %= async->cmd.chanlist_len` without first\nchecking if chanlist_len is zero. If a user program submits a command with\nchanlist_len set to zero, this causes a divide-by-zero error when the device\nprocesses data in the interrupt handler path.\nAdd a check for zero chanlist_len at the beginning of the\nfunction, similar to the existing checks for !map and\nCMDF_RAWDATA flag. When chanlist_len is zero, update\nmunge_count and return early, indicating the data was\nhandled without munging.\nThis prevents potential kernel panics from malformed user commands.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40106"
        }
      ],
      "release_date": "2025-10-31T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40105",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nvfs: Don't leak disconnected dentries on umount\nWhen user calls open_by_handle_at() on some inode that is not cached, we\nwill create disconnected dentry for it. If such dentry is a directory,\nexportfs_decode_fh_raw() will then try to connect this dentry to the\ndentry tree through reconnect_path(). It may happen for various reasons\n(such as corrupted fs or race with rename) that the call to\nlookup_one_unlocked() in reconnect_one() will fail to find the dentry we\nare trying to reconnect and instead create a new dentry under the\nparent. Now this dentry will not be marked as disconnected although the\nparent still may well be disconnected (at least in case this\ninconsistency happened because the fs is corrupted and .. doesn't point\nto the real parent directory). This creates inconsistency in\ndisconnected flags but AFAICS it was mostly harmless. At least until\ncommit f1ee616214cb (\"VFS: don't keep disconnected dentries on d_anon\")\nwhich removed adding of most disconnected dentries to sb->s_anon list.\nThus after this commit cleanup of disconnected dentries implicitly\nrelies on the fact that dput() will immediately reclaim such dentries.\nHowever when some leaf dentry isn't marked as disconnected, as in the\nscenario described above, the reclaim doesn't happen and the dentries\nare \"leaked\". Memory reclaim can eventually reclaim them but otherwise\nthey stay in memory and if umount comes first, we hit infamous \"Busy\ninodes after unmount\" bug. Make sure all dentries created under a\ndisconnected parent are marked as disconnected as well.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40105"
        }
      ],
      "release_date": "2025-10-30T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40087",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nNFSD: Define a proc_layoutcommit for the FlexFiles layout type\nAvoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT\noperation on a FlexFiles layout.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40087"
        }
      ],
      "release_date": "2025-10-30T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40049",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nSquashfs: fix uninit-value in squashfs_get_parent\nSyzkaller reports a \"KMSAN: uninit-value in squashfs_get_parent\" bug.\nThis is caused by open_by_handle_at() being called with a file handle\ncontaining an invalid parent inode number.  In particular the inode number\nis that of a symbolic link, rather than a directory.\nSquashfs_get_parent() gets called with that symbolic link inode, and\naccesses the parent member field.\nunsigned int parent_ino = squashfs_i(inode)->parent;\nBecause non-directory inodes in Squashfs do not have a parent value, this\nis uninitialised, and this causes an uninitialised value access.\nThe fix is to initialise parent with the invalid inode 0, which will cause\nan EINVAL error to be returned.\nRegular inodes used to share the parent field with the block_list_start\nfield.  This is removed in this commit to enable the parent field to\ncontain the invalid inode number 0.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40049"
        }
      ],
      "release_date": "2025-10-28T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40048",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nuio_hv_generic: Let userspace take care of interrupt mask\nRemove the logic to set interrupt mask by default in uio_hv_generic\ndriver as the interrupt mask value is supposed to be controlled\ncompletely by the user space. If the mask bit gets changed\nby the driver, concurrently with user mode operating on the ring,\nthe mask bit may be set when it is supposed to be clear, and the\nuser-mode driver will miss an interrupt which will cause a hang.\nFor eg- when the driver sets inbound ring buffer interrupt mask to 1,\nthe host does not interrupt the guest on the UIO VMBus channel.\nHowever, setting the mask does not prevent the host from putting a\nmessage in the inbound ring buffer. So let’s assume that happens,\nthe host puts a message into the ring buffer but does not interrupt.\nSubsequently, the user space code in the guest sets the inbound ring\nbuffer interrupt mask to 0, saying “Hey, I’m ready for interrupts”.\nUser space code then calls pread() to wait for an interrupt.\nThen one of two things happens:\n* The host never sends another message. So the pread() waits forever.\n* The host does send another message. But because there’s already a\nmessage in the ring buffer, it doesn’t generate an interrupt.\nThis is the correct behavior, because the host should only send an\ninterrupt when the inbound ring buffer transitions from empty to\nnot-empty. Adding an additional message to a ring buffer that is not\nempty is not supposed to generate an interrupt on the guest.\nSince the guest is waiting in pread() and not removing messages from\nthe ring buffer, the pread() waits forever.\nThis could be easily reproduced in hv_fcopy_uio_daemon if we delay\nsetting interrupt mask to 0.\nSimilarly if hv_uio_channel_cb() sets the interrupt_mask to 1,\nthere’s a race condition. Once user space empties the inbound ring\nbuffer, but before user space sets interrupt_mask to 0, the host could\nput another message in the ring buffer but it wouldn’t interrupt.\nThen the next pread() would hang.\nFix these by removing all instances where interrupt_mask is changed,\nwhile keeping the one in set_event() unchanged to enable userspace\ncontrol the interrupt mask by writing 0/1 to /dev/uioX.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40048"
        }
      ],
      "release_date": "2025-10-28T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40042",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\ntracing: Fix race condition in kprobe initialization causing NULL pointer dereference\nThere is a critical race condition in kprobe initialization that can lead to\nNULL pointer dereference and kernel crash.\n[1135630.084782] Unable to handle kernel paging request at virtual address 0000710a04630000\n...\n[1135630.260314] pstate: 404003c9 (nZcv DAIF +PAN -UAO)\n[1135630.269239] pc : kprobe_perf_func+0x30/0x260\n[1135630.277643] lr : kprobe_dispatcher+0x44/0x60\n[1135630.286041] sp : ffffaeff4977fa40\n[1135630.293441] x29: ffffaeff4977fa40 x28: ffffaf015340e400\n[1135630.302837] x27: 0000000000000000 x26: 0000000000000000\n[1135630.312257] x25: ffffaf029ed108a8 x24: ffffaf015340e528\n[1135630.321705] x23: ffffaeff4977fc50 x22: ffffaeff4977fc50\n[1135630.331154] x21: 0000000000000000 x20: ffffaeff4977fc50\n[1135630.340586] x19: ffffaf015340e400 x18: 0000000000000000\n[1135630.349985] x17: 0000000000000000 x16: 0000000000000000\n[1135630.359285] x15: 0000000000000000 x14: 0000000000000000\n[1135630.368445] x13: 0000000000000000 x12: 0000000000000000\n[1135630.377473] x11: 0000000000000000 x10: 0000000000000000\n[1135630.386411] x9 : 0000000000000000 x8 : 0000000000000000\n[1135630.395252] x7 : 0000000000000000 x6 : 0000000000000000\n[1135630.403963] x5 : 0000000000000000 x4 : 0000000000000000\n[1135630.412545] x3 : 0000710a04630000 x2 : 0000000000000006\n[1135630.421021] x1 : ffffaeff4977fc50 x0 : 0000710a04630000\n[1135630.429410] Call trace:\n[1135630.434828]  kprobe_perf_func+0x30/0x260\n[1135630.441661]  kprobe_dispatcher+0x44/0x60\n[1135630.448396]  aggr_pre_handler+0x70/0xc8\n[1135630.454959]  kprobe_breakpoint_handler+0x140/0x1e0\n[1135630.462435]  brk_handler+0xbc/0xd8\n[1135630.468437]  do_debug_exception+0x84/0x138\n[1135630.475074]  el1_dbg+0x18/0x8c\n[1135630.480582]  security_file_permission+0x0/0xd0\n[1135630.487426]  vfs_write+0x70/0x1c0\n[1135630.493059]  ksys_write+0x5c/0xc8\n[1135630.498638]  __arm64_sys_write+0x24/0x30\n[1135630.504821]  el0_svc_common+0x78/0x130\n[1135630.510838]  el0_svc_handler+0x38/0x78\n[1135630.516834]  el0_svc+0x8/0x1b0\nkernel/trace/trace_kprobe.c: 1308\n0xffff3df8995039ec <kprobe_perf_func+0x2c>:     ldr     x21, [x24,#120]\ninclude/linux/compiler.h: 294\n0xffff3df8995039f0 <kprobe_perf_func+0x30>:     ldr     x1, [x21,x0]\nkernel/trace/trace_kprobe.c\n1308: head = this_cpu_ptr(call->perf_events);\n1309: if (hlist_empty(head))\n1310: return 0;\ncrash> struct trace_event_call -o\nstruct trace_event_call {\n...\n[120] struct hlist_head *perf_events;  //(call->perf_event)\n...\n}\ncrash> struct trace_event_call ffffaf015340e528\nstruct trace_event_call {\n...\nperf_events = 0xffff0ad5fa89f088, //this value is correct, but x21 = 0\n...\n}\nRace Condition Analysis:\nThe race occurs between kprobe activation and perf_events initialization:\nCPU0                                    CPU1\n====                                    ====\nperf_kprobe_init\nperf_trace_event_init\ntp_event->perf_events = list;(1)\ntp_event->class->reg (2)← KPROBE ACTIVE\nDebug exception triggers\n...\nkprobe_dispatcher\nkprobe_perf_func (tk->tp.flags & TP_FLAG_PROFILE)\nhead = this_cpu_ptr(call->perf_events)(3)\n(perf_events is still NULL)\nProblem:\n1. CPU0 executes (1) assigning tp_event->perf_events = list\n2. CPU0 executes (2) enabling kprobe functionality via class->reg()\n3. CPU1 triggers and reaches kprobe_dispatcher\n4. CPU1 checks TP_FLAG_PROFILE - condition passes (step 2 completed)\n5. CPU1 calls kprobe_perf_func() and crashes at (3) because\ncall->perf_events is still NULL\nCPU1 sees that kprobe functionality is enabled but does not see that\nperf_events has been assigned.\nAdd pairing read an\n---truncated---",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40042"
        }
      ],
      "release_date": "2025-10-28T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40035",
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nInput: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak\nStruct ff_effect_compat, which is embedded twice inside\nuinput_ff_upload_compat, contains internal padding. In particular, there\nis a hole after struct ff_replay to satisfy alignment requirements for\nthe following union member. Without clearing the structure,\ncopy_to_user() may leak stack data to userspace.\nInitialize ff_up_compat to zero before filling valid fields.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40035"
        }
      ],
      "release_date": "2025-10-28T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40018",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nipvs: Defer ip_vs_ftp unregister during netns cleanup\nOn the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp\nbefore connections with valid cp->app pointers are flushed, leading to a\nuse-after-free.\nFix this by introducing a global `exiting_module` flag, set to true in\nip_vs_ftp_exit() before unregistering the pernet subsystem. In\n__ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns\ncleanup (when exiting_module is false) and defer it to\n__ip_vs_cleanup_batch(), which unregisters all apps after all connections\nare flushed. If called during module exit, unregister ip_vs_ftp\nimmediately.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40018"
        }
      ],
      "release_date": "2025-10-24T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-40001",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\nscsi: mvsas: Fix use-after-free bugs in mvs_work_queue\nDuring the detaching of Marvell's SAS/SATA controller, the original code\ncalls cancel_delayed_work() in mvs_free() to cancel the delayed work\nitem mwq->work_q. However, if mwq->work_q is already running, the\ncancel_delayed_work() may fail to cancel it. This can lead to\nuse-after-free scenarios where mvs_free() frees the mvs_info while\nmvs_work_queue() is still executing and attempts to access the\nalready-freed mvs_info.\nA typical race condition is illustrated below:\nCPU 0 (remove)            | CPU 1 (delayed work callback)\nmvs_pci_remove()          |\nmvs_free()              | mvs_work_queue()\ncancel_delayed_work() |\nkfree(mvi)          |\n|   mvi-> // UAF\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the delayed work item is properly canceled and any executing\ndelayed work item completes before the mvs_info is deallocated.\nThis bug was found by static analysis.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
          "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40001"
        }
      ],
      "release_date": "2025-10-18T00:00:00Z",
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64",
            "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    }
  ]
}