{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "crypto: lzo - Fix compression buffer overrun {CVE-2025-38068}\n- wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work {CVE-2025-39863}\n- NFSD: Protect against send buffer overflow in NFSv2 READ {CVE-2022-43945}\n- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). {CVE-2025-40186}\n- can: bcm: add locking for bcm_op runtime updates {CVE-2025-38004}\n- Squashfs: check return result of sb_min_blocksize {CVE-2025-38415}\n- ALSA: usb-audio: Validate UAC3 cluster segment descriptors {CVE-2025-39757}\n- ext4: fix undefined behavior in bit shift for ext4_check_flag_values {CVE-2022-50403}\n- scsi: qla2xxx: Wait for io return on terminate rport {CVE-2023-53322}\n- fs: fix UAF/GPF bug in nilfs_mdt_destroy {CVE-2022-2978}\n- ALSA: usb-audio: Validate UAC3 power domain descriptors, too {CVE-2025-38729}\n- ipv6: Fix infinite recursion in fib6_dump_done(). {CVE-2024-35886}\n- wifi: ath9k_htc: Abort software beacon handling if disabled {CVE-2025-38157}\n- atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). {CVE-2025-38245}\n- atm: clip: Fix infinite recursive call of clip_push(). {CVE-2025-38459}\n- smb: client: Fix use-after-free in cifs_fill_dirent {CVE-2025-38051}", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/oraclelinux7els/advisories/2026/clsa-2026_1767867153.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153" } ], "tracking": { "current_release_date": "2026-01-08T10:15:05Z", "generator": { "date": "2026-01-08T10:15:05Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1767867153", "initial_release_date": "2026-01-08T10:15:05Z", "revision_history": [ { "date": "2026-01-08T10:15:05Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "kernel: Fix of 16 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Linux 7", "product": { "name": "Oracle Linux 7", "product_id": "Oracle-Linux-7", "product_identification_helper": { "cpe": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Oracle Linux" } ], "category": "vendor", "name": "Oracle Corporation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product": { "name": "perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_id": "perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/perf@3.10.0-1160.139.1.el7.tuxcare.els4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product": { "name": "kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_id": "kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug@3.10.0-1160.139.1.el7.tuxcare.els4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product": { "name": "kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_id": "kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel@3.10.0-1160.139.1.el7.tuxcare.els4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product": { "name": "kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_id": "kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools@3.10.0-1160.139.1.el7.tuxcare.els4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product": { "name": "kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_id": "kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-devel@3.10.0-1160.139.1.el7.tuxcare.els4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product": { "name": "kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_id": "kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-headers@3.10.0-1160.139.1.el7.tuxcare.els4?arch=x86_64" } } }, { "category": "product_version", "name": "bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product": { "name": "bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_id": "bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/bpftool@3.10.0-1160.139.1.el7.tuxcare.els4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product": { "name": "kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_id": "kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools-libs@3.10.0-1160.139.1.el7.tuxcare.els4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product": { "name": "kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_id": "kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug-devel@3.10.0-1160.139.1.el7.tuxcare.els4?arch=x86_64" } } }, { "category": "product_version", "name": "python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product": { "name": "python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_id": "python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python-perf@3.10.0-1160.139.1.el7.tuxcare.els4?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product": { "name": "kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_id": "kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools-libs-devel@3.10.0-1160.139.1.el7.tuxcare.els4?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" }, "product_reference": "perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" }, "product_reference": "kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" }, "product_reference": "kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" }, "product_reference": "kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" }, "product_reference": "kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" }, "product_reference": "kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" }, "product_reference": "bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" }, "product_reference": "kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" }, "product_reference": "kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" }, "product_reference": "python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" }, "product_reference": "kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "relates_to_product_reference": "Oracle-Linux-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-35886", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix infinite recursion in fib6_dump_done().\n\nsyzkaller reported infinite recursive calls of fib6_dump_done() during\nnetlink socket destruction. [1]\n\nFrom the log, syzkaller sent an AF_UNSPEC RTM_GETROUTE message, and then\nthe response was generated. The following recvmmsg() resumed the dump\nfor IPv6, but the first call of inet6_dump_fib() failed at kzalloc() due\nto the fault injection. [0]\n\n 12:01:34 executing program 3:\n r0 = socket$nl_route(0x10, 0x3, 0x0)\n sendmsg$nl_route(r0, ... snip ...)\n recvmmsg(r0, ... snip ...) (fail_nth: 8)\n\nHere, fib6_dump_done() was set to nlk_sk(sk)->cb.done, and the next call\nof inet6_dump_fib() set it to nlk_sk(sk)->cb.args[3]. syzkaller stopped\nreceiving the response halfway through, and finally netlink_sock_destruct()\ncalled nlk_sk(sk)->cb.done().\n\nfib6_dump_done() calls fib6_dump_end() and nlk_sk(sk)->cb.done() if it\nis still not NULL. fib6_dump_end() rewrites nlk_sk(sk)->cb.done() by\nnlk_sk(sk)->cb.args[3], but it has the same function, not NULL, calling\nitself recursively and hitting the stack guard page.\n\nTo avoid the issue, let's set the destructor after kzalloc().\n\n[0]:\nFAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 0\nCPU: 1 PID: 432110 Comm: syz-executor.3 Not tainted 6.8.0-12821-g537c2e91d354-dirty #11\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \n dump_stack_lvl (lib/dump_stack.c:117)\n should_fail_ex (lib/fault-inject.c:52 lib/fault-inject.c:153)\n should_failslab (mm/slub.c:3733)\n kmalloc_trace (mm/slub.c:3748 mm/slub.c:3827 mm/slub.c:3992)\n inet6_dump_fib (./include/linux/slab.h:628 ./include/linux/slab.h:749 net/ipv6/ip6_fib.c:662)\n rtnl_dump_all (net/core/rtnetlink.c:4029)\n netlink_dump (net/netlink/af_netlink.c:2269)\n netlink_recvmsg (net/netlink/af_netlink.c:1988)\n ____sys_recvmsg (net/socket.c:1046 net/socket.c:2801)\n ___sys_recvmsg (net/socket.c:2846)\n do_recvmmsg (net/socket.c:2943)\n __x64_sys_recvmmsg (net/socket.c:3041 net/socket.c:3034 net/socket.c:3034)\n\n[1]:\nBUG: TASK stack guard page was hit at 00000000f2fa9af1 (stack is 00000000b7912430..000000009a436beb)\nstack guard page: 0000 [#1] PREEMPT SMP KASAN\nCPU: 1 PID: 223719 Comm: kworker/1:3 Not tainted 6.8.0-12821-g537c2e91d354-dirty #11\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nWorkqueue: events netlink_sock_destruct_work\nRIP: 0010:fib6_dump_done (net/ipv6/ip6_fib.c:570)\nCode: 3c 24 e8 f3 e9 51 fd e9 28 fd ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 41 57 41 56 41 55 41 54 55 48 89 fd <53> 48 8d 5d 60 e8 b6 4d 07 fd 48 89 da 48 b8 00 00 00 00 00 fc ff\nRSP: 0018:ffffc9000d980000 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffffffff84405990 RCX: ffffffff844059d3\nRDX: ffff8881028e0000 RSI: ffffffff84405ac2 RDI: ffff88810c02f358\nRBP: ffff88810c02f358 R08: 0000000000000007 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000224 R12: 0000000000000000\nR13: ffff888007c82c78 R14: ffff888007c82c68 R15: ffff888007c82c68\nFS: 0000000000000000(0000) GS:ffff88811b100000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffc9000d97fff8 CR3: 0000000102309002 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n <#DF>\n \n \n fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))\n fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))\n ...\n fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))\n fib6_dump_done (net/ipv6/ip6_fib.c:572 (discriminator 1))\n netlink_sock_destruct (net/netlink/af_netlink.c:401)\n __sk_destruct (net/core/sock.c:2177 (discriminator 2))\n sk_destruct (net/core/sock.c:2224)\n __sk_free (net/core/sock.c:2235)\n sk_free (net/core/sock.c:2246)\n process_one_work (kernel/workqueue.c:3259)\n worker_thread (kernel/workqueue.c:3329 kernel/workqueue.\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-35886" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/167d4b47a9bdcb01541dfa29e9f3cbb8edd3dfd2", "url": "https://git.kernel.org/stable/c/167d4b47a9bdcb01541dfa29e9f3cbb8edd3dfd2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/40a344b2ddc06c1a2caa7208a43911f39c662778", "url": "https://git.kernel.org/stable/c/40a344b2ddc06c1a2caa7208a43911f39c662778" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4a7c465a5dcd657d59d25bf4815e19ac05c13061", "url": "https://git.kernel.org/stable/c/4a7c465a5dcd657d59d25bf4815e19ac05c13061" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9472d07cd095cbd3294ac54c42f304a38fbe9bfe", "url": "https://git.kernel.org/stable/c/9472d07cd095cbd3294ac54c42f304a38fbe9bfe" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9c5258196182c25b55c33167cd72fdd9bbf08985", "url": "https://git.kernel.org/stable/c/9c5258196182c25b55c33167cd72fdd9bbf08985" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d21d40605bca7bd5fc23ef03d4c1ca1f48bc2cae", "url": "https://git.kernel.org/stable/c/d21d40605bca7bd5fc23ef03d4c1ca1f48bc2cae" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f2dd75e57285f49e34af1a5b6cd8945c08243776", "url": "https://git.kernel.org/stable/c/f2dd75e57285f49e34af1a5b6cd8945c08243776" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fd307f2d91d40fa7bc55df3e2cd1253fabf8a2d6", "url": "https://git.kernel.org/stable/c/fd307f2d91d40fa7bc55df3e2cd1253fabf8a2d6" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "release_date": "2024-05-19T09:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-01-08T10:12:34.972336Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153", "product_ids": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-50367", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: fix UAF/GPF bug in nilfs_mdt_destroy\n\nIn alloc_inode, inode_init_always() could return -ENOMEM if\nsecurity_inode_alloc() fails, which causes inode->i_private\nuninitialized. Then nilfs_is_metadata_file_inode() returns\ntrue and nilfs_free_inode() wrongly calls nilfs_mdt_destroy(),\nwhich frees the uninitialized inode->i_private\nand leads to crashes(e.g., UAF/GPF).\n\nFix this by moving security_inode_alloc just prior to\nthis_cpu_inc(nr_inodes)", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-50367" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1e555c3ed1fce4b278aaebe18a64a934cece57d8", "url": "https://git.kernel.org/stable/c/1e555c3ed1fce4b278aaebe18a64a934cece57d8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2a96b532098284ecf8e4849b8b9e5fc7a28bdee9", "url": "https://git.kernel.org/stable/c/2a96b532098284ecf8e4849b8b9e5fc7a28bdee9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2e488f13755ffbb60f307e991b27024716a33b29", "url": "https://git.kernel.org/stable/c/2e488f13755ffbb60f307e991b27024716a33b29" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/64b79e632869ad3ef6c098a4731d559381da1115", "url": "https://git.kernel.org/stable/c/64b79e632869ad3ef6c098a4731d559381da1115" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/70e4f70d54e0225f91814e8610477d65f33cefe4", "url": "https://git.kernel.org/stable/c/70e4f70d54e0225f91814e8610477d65f33cefe4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/81de80330fa6907aec32eb54c5619059e6e36452", "url": "https://git.kernel.org/stable/c/81de80330fa6907aec32eb54c5619059e6e36452" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c0aa76b0f17f59dd9c9d3463550a2986a1d592e4", "url": "https://git.kernel.org/stable/c/c0aa76b0f17f59dd9c9d3463550a2986a1d592e4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d1ff475d7c83289d0a7faef346ea3bbf90818bad", "url": "https://git.kernel.org/stable/c/d1ff475d7c83289d0a7faef346ea3bbf90818bad" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ec2aab115eb38ac4992ea2fcc2a02fbe7af5cf48", "url": "https://git.kernel.org/stable/c/ec2aab115eb38ac4992ea2fcc2a02fbe7af5cf48" } ], "release_date": "2025-09-17T15:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-01-08T10:12:34.972336Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153", "product_ids": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-50403", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "A vulnerability was identified in the Linux kernel's ext4 filesystem implementation due to a flaw in how it processes filesystem metadata. An attacker with local privileges could create a malicious ext4 filesystem image to trigger this issue. When the system attempts to mount this malicious image, the kernel performs an incorrect calculation. This action results in unpredictable system behavior.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-50403" } ], "release_date": "2025-09-18T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-01-08T10:12:34.972336Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153", "product_ids": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38157", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k_htc: Abort software beacon handling if disabled\n\nA malicious USB device can send a WMI_SWBA_EVENTID event from an\nath9k_htc-managed device before beaconing has been enabled. This causes\na device-by-zero error in the driver, leading to either a crash or an\nout of bounds read.\n\nPrevent this by aborting the handling in ath9k_htc_swba() if beacons are\nnot enabled.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38157" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0281c19074976ec48f0078d50530b406ddae75bc", "url": "https://git.kernel.org/stable/c/0281c19074976ec48f0078d50530b406ddae75bc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/40471b23147c86ea3ed97faee79937c618250bd0", "url": "https://git.kernel.org/stable/c/40471b23147c86ea3ed97faee79937c618250bd0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5482ef9875eaa43f0435e14570e1193823de857e", "url": "https://git.kernel.org/stable/c/5482ef9875eaa43f0435e14570e1193823de857e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5a85c21f812e02cb00ca07007d88acdd42d08c46", "url": "https://git.kernel.org/stable/c/5a85c21f812e02cb00ca07007d88acdd42d08c46" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7ee3fb6258da8c890a51b514f60d7570dc703605", "url": "https://git.kernel.org/stable/c/7ee3fb6258da8c890a51b514f60d7570dc703605" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ac4e317a95a1092b5da5b9918b7118759342641c", "url": "https://git.kernel.org/stable/c/ac4e317a95a1092b5da5b9918b7118759342641c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e5ce9df1d68094d37360dbd9b09289d42fa21e54", "url": "https://git.kernel.org/stable/c/e5ce9df1d68094d37360dbd9b09289d42fa21e54" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ee5ee646385f5846dcbc881389f3c44a197c402a", "url": "https://git.kernel.org/stable/c/ee5ee646385f5846dcbc881389f3c44a197c402a" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-07-03T09:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-01-08T10:12:34.972336Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153", "product_ids": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40186", "cwe": { "id": "CWE-826", "name": "Premature Release of Resource During Expected Lifetime" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ntcp: Don't call reqsk_fastopen_remove() in tcp_conn_request().\nsyzbot reported the splat below in tcp_conn_request(). [0]\nIf a listener is close()d while a TFO socket is being processed in\ntcp_conn_request(), inet_csk_reqsk_queue_add() does not set reqsk->sk\nand calls inet_child_forget(), which calls tcp_disconnect() for the\nTFO socket.\nAfter the cited commit, tcp_disconnect() calls reqsk_fastopen_remove(),\nwhere reqsk_put() is called due to !reqsk->sk.\nThen, reqsk_fastopen_remove() in tcp_conn_request() decrements the\nlast req->rsk_refcnt and frees reqsk, and __reqsk_free() at the\ndrop_and_free label causes the refcount underflow for the listener\nand double-free of the reqsk.\nLet's remove reqsk_fastopen_remove() in tcp_conn_request().\nNote that other callers make sure tp->fastopen_rsk is not NULL.\n[0]:\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 12 PID: 5563 at lib/refcount.c:28 refcount_warn_saturate (lib/refcount.c:28)\nModules linked in:\nCPU: 12 UID: 0 PID: 5563 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\nRIP: 0010:refcount_warn_saturate (lib/refcount.c:28)\nCode: ab e8 8e b4 98 ff 0f 0b c3 cc cc cc cc cc 80 3d a4 e4 d6 01 00 75 9c c6 05 9b e4 d6 01 01 48 c7 c7 e8 df fb ab e8 6a b4 98 ff <0f> 0b e9 03 5b 76 00 cc 80 3d 7d e4 d6 01 00 0f 85 74 ff ff ff c6\nRSP: 0018:ffffa79fc0304a98 EFLAGS: 00010246\nRAX: d83af4db1c6b3900 RBX: ffff9f65c7a69020 RCX: d83af4db1c6b3900\nRDX: 0000000000000000 RSI: 00000000ffff7fff RDI: ffffffffac78a280\nRBP: 000000009d781b60 R08: 0000000000007fff R09: ffffffffac6ca280\nR10: 0000000000017ffd R11: 0000000000000004 R12: ffff9f65c7b4f100\nR13: ffff9f65c7d23c00 R14: ffff9f65c7d26000 R15: ffff9f65c7a64ef8\nFS: 00007f9f962176c0(0000) GS:ffff9f65fcf00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000200000000180 CR3: 000000000dbbe006 CR4: 0000000000372ef0\nCall Trace:\n\ntcp_conn_request (./include/linux/refcount.h:400 ./include/linux/refcount.h:432 ./include/linux/refcount.h:450 ./include/net/sock.h:1965 ./include/net/request_sock.h:131 net/ipv4/tcp_input.c:7301)\ntcp_rcv_state_process (net/ipv4/tcp_input.c:6708)\ntcp_v6_do_rcv (net/ipv6/tcp_ipv6.c:1670)\ntcp_v6_rcv (net/ipv6/tcp_ipv6.c:1906)\nip6_protocol_deliver_rcu (net/ipv6/ip6_input.c:438)\nip6_input (net/ipv6/ip6_input.c:500)\nipv6_rcv (net/ipv6/ip6_input.c:311)\n__netif_receive_skb (net/core/dev.c:6104)\nprocess_backlog (net/core/dev.c:6456)\n__napi_poll (net/core/dev.c:7506)\nnet_rx_action (net/core/dev.c:7569 net/core/dev.c:7696)\nhandle_softirqs (kernel/softirq.c:579)\ndo_softirq (kernel/softirq.c:480)\n", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40186" } ], "release_date": "2025-11-12T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-01-08T10:12:34.972336Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153", "product_ids": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-39955", "cwe": { "id": "CWE-213", "name": "Exposure of Sensitive Information Due to Incompatible Policies" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ntcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().\nsyzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk\nin the TCP_ESTABLISHED state. [0]\nsyzbot reused the server-side TCP Fast Open socket as a new client before\nthe TFO socket completes 3WHS:\n1. accept()\n2. connect(AF_UNSPEC)\n3. connect() to another destination\nAs of accept(), sk->sk_state is TCP_SYN_RECV, and tcp_disconnect() changes\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\nSince tcp_disconnect() forgot to clear tcp_sk(sk)->fastopen_rsk, the\nretransmit timer triggered the warning and the intended packet was not\nretransmitted.\nLet's call reqsk_fastopen_remove() in tcp_disconnect().\n[0]:\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nModules linked in:\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 <0f> 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\nFS: 0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\nCall Trace:\n\ntcp_write_timer (net/ipv4/tcp_timer.c:738)\ncall_timer_fn (kernel/time/timer.c:1747)\n__run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\ntimer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\ntmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\n__walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\ntmigr_handle_remote (kernel/time/timer_migration.c:1096)\nhandle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\nirq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\nsysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\n", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39955" } ], "release_date": "2025-10-09T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-01-08T10:12:34.972336Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153", "product_ids": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38729", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nALSA: usb-audio: Validate UAC3 power domain descriptors, too\nUAC3 power domain descriptors need to be verified with its variable\nbLength for avoiding the unexpected OOB accesses by malicious\nfirmware, too.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38729" } ], "release_date": "2025-09-04T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-01-08T10:12:34.972336Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153", "product_ids": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-39757", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nALSA: usb-audio: Validate UAC3 cluster segment descriptors\nUAC3 class segment descriptors need to be verified whether their sizes\nmatch with the declared lengths and whether they fit with the\nallocated buffer sizes, too. Otherwise malicious firmware may lead to\nthe unexpected OOB accesses.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39757" } ], "release_date": "2025-09-11T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-01-08T10:12:34.972336Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153", "product_ids": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-2978", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-2978" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html", "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00034.html" }, { "category": "external", "summary": "https://lore.kernel.org/linux-fsdevel/20220816040859.659129-1-dzm91%40hust.edu.cn/T/#u", "url": "https://lore.kernel.org/linux-fsdevel/20220816040859.659129-1-dzm91%40hust.edu.cn/T/#u" } ], "release_date": "2022-08-24T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-01-08T10:12:34.972336Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153", "product_ids": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-53322", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Wait for io return on terminate rport\n\nSystem crash due to use after free.\nCurrent code allows terminate_rport_io to exit before making\nsure all IOs has returned. For FCP-2 device, IO's can hang\non in HW because driver has not tear down the session in FW at\nfirst sign of cable pull. When dev_loss_tmo timer pops,\nterminate_rport_io is called and upper layer is about to\nfree various resources. Terminate_rport_io trigger qla to do\nthe final cleanup, but the cleanup might not be fast enough where it\nleave qla still holding on to the same resource.\n\nWait for IO's to return to upper layer before resources are freed.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-53322" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/079c8264ed9fea8cbcac01ad29040f901cbc3692", "url": "https://git.kernel.org/stable/c/079c8264ed9fea8cbcac01ad29040f901cbc3692" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4647d2e88918a078359d1532d90c417a38542c9e", "url": "https://git.kernel.org/stable/c/4647d2e88918a078359d1532d90c417a38542c9e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5bcdaafd92be6035ddc77fa76650cf9dd5b864c4", "url": "https://git.kernel.org/stable/c/5bcdaafd92be6035ddc77fa76650cf9dd5b864c4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8a55556cd7e0220486163b1285ce11a8be2ce5fa", "url": "https://git.kernel.org/stable/c/8a55556cd7e0220486163b1285ce11a8be2ce5fa" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/90770dad1eb30967ebd8d37d82830bcf270b3293", "url": "https://git.kernel.org/stable/c/90770dad1eb30967ebd8d37d82830bcf270b3293" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a9fe97fb7b4ee21bffb76f2acb05769bad27ae70", "url": "https://git.kernel.org/stable/c/a9fe97fb7b4ee21bffb76f2acb05769bad27ae70" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d25fded78d88e1515439b3ba581684d683e0b6ab", "url": "https://git.kernel.org/stable/c/d25fded78d88e1515439b3ba581684d683e0b6ab" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fc0cba0c7be8261a1625098bd1d695077ec621c9", "url": "https://git.kernel.org/stable/c/fc0cba0c7be8261a1625098bd1d695077ec621c9" } ], "release_date": "2025-09-16T17:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-01-08T10:12:34.972336Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153", "product_ids": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38051", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Fix use-after-free in cifs_fill_dirent\n\nThere is a race condition in the readdir concurrency process, which may\naccess the rsp buffer after it has been released, triggering the\nfollowing KASAN warning.\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in cifs_fill_dirent+0xb03/0xb60 [cifs]\n Read of size 4 at addr ffff8880099b819c by task a.out/342975\n\n CPU: 2 UID: 0 PID: 342975 Comm: a.out Not tainted 6.15.0-rc6+ #240 PREEMPT(full)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014\n Call Trace:\n \n dump_stack_lvl+0x53/0x70\n print_report+0xce/0x640\n kasan_report+0xb8/0xf0\n cifs_fill_dirent+0xb03/0xb60 [cifs]\n cifs_readdir+0x12cb/0x3190 [cifs]\n iterate_dir+0x1a1/0x520\n __x64_sys_getdents+0x134/0x220\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f996f64b9f9\n Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89\n f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01\n f0 ff ff 0d f7 c3 0c 00 f7 d8 64 89 8\n RSP: 002b:00007f996f53de78 EFLAGS: 00000207 ORIG_RAX: 000000000000004e\n RAX: ffffffffffffffda RBX: 00007f996f53ecdc RCX: 00007f996f64b9f9\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\n RBP: 00007f996f53dea0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000207 R12: ffffffffffffff88\n R13: 0000000000000000 R14: 00007ffc8cd9a500 R15: 00007f996f51e000\n \n\n Allocated by task 408:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x6e/0x70\n kmem_cache_alloc_noprof+0x117/0x3d0\n mempool_alloc_noprof+0xf2/0x2c0\n cifs_buf_get+0x36/0x80 [cifs]\n allocate_buffers+0x1d2/0x330 [cifs]\n cifs_demultiplex_thread+0x22b/0x2690 [cifs]\n kthread+0x394/0x720\n ret_from_fork+0x34/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Freed by task 342979:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x37/0x50\n kmem_cache_free+0x2b8/0x500\n cifs_buf_release+0x3c/0x70 [cifs]\n cifs_readdir+0x1c97/0x3190 [cifs]\n iterate_dir+0x1a1/0x520\n __x64_sys_getdents64+0x134/0x220\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n The buggy address belongs to the object at ffff8880099b8000\n which belongs to the cache cifs_request of size 16588\n The buggy address is located 412 bytes inside of\n freed 16588-byte region [ffff8880099b8000, ffff8880099bc0cc)\n\n The buggy address belongs to the physical page:\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x99b8\n head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\n anon flags: 0x80000000000040(head|node=0|zone=1)\n page_type: f5(slab)\n raw: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\n raw: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\n head: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\n head: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\n head: 0080000000000003 ffffea0000266e01 00000000ffffffff 00000000ffffffff\n head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff8880099b8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8880099b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n >ffff8880099b8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff8880099b8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8880099b8280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ==================================================================\n\nPOC is available in the link [1].\n\nThe problem triggering process is as follows:\n\nProcess 1 Process 2\n-----------------------------------\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38051" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1b197931fbc821bc7e9e91bf619400db563e3338", "url": "https://git.kernel.org/stable/c/1b197931fbc821bc7e9e91bf619400db563e3338" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/73cadde98f67f76c5eba00ac0b72c453383cec8b", "url": "https://git.kernel.org/stable/c/73cadde98f67f76c5eba00ac0b72c453383cec8b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9bea368648ac46f8593a780760362e40291d22a9", "url": "https://git.kernel.org/stable/c/9bea368648ac46f8593a780760362e40291d22a9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9c9aafbacc183598f064902365e107b5e856531f", "url": "https://git.kernel.org/stable/c/9c9aafbacc183598f064902365e107b5e856531f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a24c2f05ac3c5b0aaa539d9d913826d2643dfd0e", "url": "https://git.kernel.org/stable/c/a24c2f05ac3c5b0aaa539d9d913826d2643dfd0e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a7a8fe56e932a36f43e031b398aef92341bf5ea0", "url": "https://git.kernel.org/stable/c/a7a8fe56e932a36f43e031b398aef92341bf5ea0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/aee067e88d61eb72e966f094e4749c6b14e7008f", "url": "https://git.kernel.org/stable/c/aee067e88d61eb72e966f094e4749c6b14e7008f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c8623231e0edfcccb7cc6add0288fa0f0594282f", "url": "https://git.kernel.org/stable/c/c8623231e0edfcccb7cc6add0288fa0f0594282f" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-06-18T10:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-01-08T10:12:34.972336Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153", "product_ids": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38068", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: lzo - Fix compression buffer overrun\n\nUnlike the decompression code, the compression code in LZO never\nchecked for output overruns. It instead assumes that the caller\nalways provides enough buffer space, disregarding the buffer length\nprovided by the caller.\n\nAdd a safe compression interface that checks for the end of buffer\nbefore each write. Use the safe interface in crypto/lzo.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38068" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0acdc4d6e679ba31d01e3e7e2e4124b76d6d8e2a", "url": "https://git.kernel.org/stable/c/0acdc4d6e679ba31d01e3e7e2e4124b76d6d8e2a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/167373d77c70c2b558aae3e327b115249bb2652c", "url": "https://git.kernel.org/stable/c/167373d77c70c2b558aae3e327b115249bb2652c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4b173bb2c4665c23f8fcf5241c7b06dfa6b5b111", "url": "https://git.kernel.org/stable/c/4b173bb2c4665c23f8fcf5241c7b06dfa6b5b111" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7caad075acb634a74911830d6386c50ea12566cd", "url": "https://git.kernel.org/stable/c/7caad075acb634a74911830d6386c50ea12566cd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a98bd864e16f91c70b2469adf013d713d04d1d13", "url": "https://git.kernel.org/stable/c/a98bd864e16f91c70b2469adf013d713d04d1d13" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cc47f07234f72cbd8e2c973cdbf2a6730660a463", "url": "https://git.kernel.org/stable/c/cc47f07234f72cbd8e2c973cdbf2a6730660a463" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-06-18T10:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-01-08T10:12:34.972336Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153", "product_ids": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-50410", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Protect against send buffer overflow in NFSv2 READ\n\nSince before the git era, NFSD has conserved the number of pages\nheld by each nfsd thread by combining the RPC receive and send\nbuffers into a single array of pages. This works because there are\nno cases where an operation needs a large RPC Call message and a\nlarge RPC Reply at the same time.\n\nOnce an RPC Call has been received, svc_process() updates\nsvc_rqst::rq_res to describe the part of rq_pages that can be\nused for constructing the Reply. This means that the send buffer\n(rq_res) shrinks when the received RPC record containing the RPC\nCall is large.\n\nA client can force this shrinkage on TCP by sending a correctly-\nformed RPC Call header contained in an RPC record that is\nexcessively large. The full maximum payload size cannot be\nconstructed in that case.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-50410" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1868332032eccbab8c1878a0d918193058c0a905", "url": "https://git.kernel.org/stable/c/1868332032eccbab8c1878a0d918193058c0a905" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2007867c5874134f2271eb276398208070049dd3", "url": "https://git.kernel.org/stable/c/2007867c5874134f2271eb276398208070049dd3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2be9331ca6061bc6ea32247266f45b8b21030244", "url": "https://git.kernel.org/stable/c/2be9331ca6061bc6ea32247266f45b8b21030244" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/401bc1f90874280a80b93f23be33a0e7e2d1f912", "url": "https://git.kernel.org/stable/c/401bc1f90874280a80b93f23be33a0e7e2d1f912" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ea4c3eee0fd72fcedaa238556044825639cd3607", "url": "https://git.kernel.org/stable/c/ea4c3eee0fd72fcedaa238556044825639cd3607" } ], "release_date": "2025-09-18T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-01-08T10:12:34.972336Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153", "product_ids": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38004", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: bcm: add locking for bcm_op runtime updates\n\nThe CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via\nhrtimer. The content and also the length of the sequence can be changed\nresp reduced at runtime where the 'currframe' counter is then set to zero.\n\nAlthough this appeared to be a safe operation the updates of 'currframe'\ncan be triggered from user space and hrtimer context in bcm_can_tx().\nAnderson Nascimento created a proof of concept that triggered a KASAN\nslab-out-of-bounds read access which can be prevented with a spin_lock_bh.\n\nAt the rework of bcm_can_tx() the 'count' variable has been moved into\nthe protected section as this variable can be modified from both contexts\ntoo.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38004" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2a437b86ac5a9893c902f30ef66815bf13587bf6", "url": "https://git.kernel.org/stable/c/2a437b86ac5a9893c902f30ef66815bf13587bf6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7595de7bc56e0e52b74e56c90f7e247bf626d628", "url": "https://git.kernel.org/stable/c/7595de7bc56e0e52b74e56c90f7e247bf626d628" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/76c84c3728178b2d38d5604e399dfe8b0752645e", "url": "https://git.kernel.org/stable/c/76c84c3728178b2d38d5604e399dfe8b0752645e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8f1c022541bf5a923c8d6fa483112c15250f30a4", "url": "https://git.kernel.org/stable/c/8f1c022541bf5a923c8d6fa483112c15250f30a4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c2aba69d0c36a496ab4f2e81e9c2b271f2693fd7", "url": "https://git.kernel.org/stable/c/c2aba69d0c36a496ab4f2e81e9c2b271f2693fd7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c4e8a172501e677ebd8ea9d9161d97dc4df56fbd", "url": "https://git.kernel.org/stable/c/c4e8a172501e677ebd8ea9d9161d97dc4df56fbd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cc55dd28c20a6611e30596019b3b2f636819a4c0", "url": "https://git.kernel.org/stable/c/cc55dd28c20a6611e30596019b3b2f636819a4c0" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fbd8fdc2b218e979cfe422b139b8f74c12419d1f", "url": "https://git.kernel.org/stable/c/fbd8fdc2b218e979cfe422b139b8f74c12419d1f" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-06-08T11:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-01-08T10:12:34.972336Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153", "product_ids": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-43945", "cwe": { "id": "CWE-131", "name": "Incorrect Calculation of Buffer Size" }, "notes": [ { "category": "description", "text": "The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-43945" }, { "category": "external", "summary": "http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html", "url": "http://packetstormsecurity.com/files/171289/Kernel-Live-Patch-Security-Notice-LNS-0092-1.html" }, { "category": "external", "summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20221215-0006/", "url": "https://security.netapp.com/advisory/ntap-20221215-0006/" } ], "release_date": "2022-11-04T19:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-01-08T10:12:34.972336Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153", "product_ids": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38245", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().\n\nsyzbot reported a warning below during atm_dev_register(). [0]\n\nBefore creating a new device and procfs/sysfs for it, atm_dev_register()\nlooks up a duplicated device by __atm_dev_lookup(). These operations are\ndone under atm_dev_mutex.\n\nHowever, when removing a device in atm_dev_deregister(), it releases the\nmutex just after removing the device from the list that __atm_dev_lookup()\niterates over.\n\nSo, there will be a small race window where the device does not exist on\nthe device list but procfs/sysfs are still not removed, triggering the\nsplat.\n\nLet's hold the mutex until procfs/sysfs are removed in\natm_dev_deregister().\n\n[0]:\nproc_dir_entry 'atm/atmtcp:0' already registered\nWARNING: CPU: 0 PID: 5919 at fs/proc/generic.c:377 proc_register+0x455/0x5f0 fs/proc/generic.c:377\nModules linked in:\nCPU: 0 UID: 0 PID: 5919 Comm: syz-executor284 Not tainted 6.16.0-rc2-syzkaller-00047-g52da431bf03b #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025\nRIP: 0010:proc_register+0x455/0x5f0 fs/proc/generic.c:377\nCode: 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 a2 01 00 00 48 8b 44 24 10 48 c7 c7 20 c0 c2 8b 48 8b b0 d8 00 00 00 e8 0c 02 1c ff 90 <0f> 0b 90 90 48 c7 c7 80 f2 82 8e e8 0b de 23 09 48 8b 4c 24 28 48\nRSP: 0018:ffffc9000466fa30 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817ae248\nRDX: ffff888026280000 RSI: ffffffff817ae255 RDI: 0000000000000001\nRBP: ffff8880232bed48 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000001 R12: ffff888076ed2140\nR13: dffffc0000000000 R14: ffff888078a61340 R15: ffffed100edda444\nFS: 00007f38b3b0c6c0(0000) GS:ffff888124753000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f38b3bdf953 CR3: 0000000076d58000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n proc_create_data+0xbe/0x110 fs/proc/generic.c:585\n atm_proc_dev_register+0x112/0x1e0 net/atm/proc.c:361\n atm_dev_register+0x46d/0x890 net/atm/resources.c:113\n atmtcp_create+0x77/0x210 drivers/atm/atmtcp.c:369\n atmtcp_attach drivers/atm/atmtcp.c:403 [inline]\n atmtcp_ioctl+0x2f9/0xd60 drivers/atm/atmtcp.c:464\n do_vcc_ioctl+0x12c/0x930 net/atm/ioctl.c:159\n sock_do_ioctl+0x115/0x280 net/socket.c:1190\n sock_ioctl+0x227/0x6b0 net/socket.c:1311\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl fs/ioctl.c:893 [inline]\n __x64_sys_ioctl+0x18b/0x210 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x4c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f38b3b74459\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f38b3b0c198 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007f38b3bfe318 RCX: 00007f38b3b74459\nRDX: 0000000000000000 RSI: 0000000000006180 RDI: 0000000000000005\nRBP: 00007f38b3bfe310 R08: 65732f636f72702f R09: 65732f636f72702f\nR10: 65732f636f72702f R11: 0000000000000246 R12: 00007f38b3bcb0ac\nR13: 00007f38b3b0c1a0 R14: 0000200000000200 R15: 00007f38b3bcb03b\n ", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38245" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/26248d5d68c865b888d632162abbf8130645622c", "url": "https://git.kernel.org/stable/c/26248d5d68c865b888d632162abbf8130645622c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2a8dcee649d12f69713f2589171a1caf6d4fa439", "url": "https://git.kernel.org/stable/c/2a8dcee649d12f69713f2589171a1caf6d4fa439" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4bb1bb438134d9ee6b97cc07289dd7c569092eec", "url": "https://git.kernel.org/stable/c/4bb1bb438134d9ee6b97cc07289dd7c569092eec" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6922f1a048c090f10704bbef4a3a1e81932d2e0a", "url": "https://git.kernel.org/stable/c/6922f1a048c090f10704bbef4a3a1e81932d2e0a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a433791aeaea6e84df709e0b9584b9bbe040cd1c", "url": "https://git.kernel.org/stable/c/a433791aeaea6e84df709e0b9584b9bbe040cd1c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ae539d963a17443ec54cba8a767e4ffa318264f4", "url": "https://git.kernel.org/stable/c/ae539d963a17443ec54cba8a767e4ffa318264f4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b2e40fcfe1575faaa548f87614006d3fe44c779e", "url": "https://git.kernel.org/stable/c/b2e40fcfe1575faaa548f87614006d3fe44c779e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cabed6ba92a9a8c09da02a3f20e32ecd80989896", "url": "https://git.kernel.org/stable/c/cabed6ba92a9a8c09da02a3f20e32ecd80989896" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-07-09T11:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-01-08T10:12:34.972336Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153", "product_ids": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38415", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: check return result of sb_min_blocksize\n\nSyzkaller reports an \"UBSAN: shift-out-of-bounds in squashfs_bio_read\" bug.\n\nSyzkaller forks multiple processes which after mounting the Squashfs\nfilesystem, issues an ioctl(\"/dev/loop0\", LOOP_SET_BLOCK_SIZE, 0x8000). \nNow if this ioctl occurs at the same time another process is in the\nprocess of mounting a Squashfs filesystem on /dev/loop0, the failure\noccurs. When this happens the following code in squashfs_fill_super()\nfails.\n\n----\nmsblk->devblksize = sb_min_blocksize(sb, SQUASHFS_DEVBLK_SIZE);\nmsblk->devblksize_log2 = ffz(~msblk->devblksize);\n----\n\nsb_min_blocksize() returns 0, which means msblk->devblksize is set to 0.\n\nAs a result, ffz(~msblk->devblksize) returns 64, and msblk->devblksize_log2\nis set to 64.\n\nThis subsequently causes the\n\nUBSAN: shift-out-of-bounds in fs/squashfs/block.c:195:36\nshift exponent 64 is too large for 64-bit type 'u64' (aka\n'unsigned long long')\n\nThis commit adds a check for a 0 return by sb_min_blocksize().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38415" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0aff95d9bc7fb5400ca8af507429c4b067bdb425", "url": "https://git.kernel.org/stable/c/0aff95d9bc7fb5400ca8af507429c4b067bdb425" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/295ab18c2dbce8d0ac6ecf7c5187e16e1ac8b282", "url": "https://git.kernel.org/stable/c/295ab18c2dbce8d0ac6ecf7c5187e16e1ac8b282" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4f99357dadbf9c979ad737156ad4c37fadf7c56b", "url": "https://git.kernel.org/stable/c/4f99357dadbf9c979ad737156ad4c37fadf7c56b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/549f9e3d7b60d53808c98b9fde49b4f46d0524a5", "url": "https://git.kernel.org/stable/c/549f9e3d7b60d53808c98b9fde49b4f46d0524a5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5c51aa862cbeed2f3887f0382a2708956710bd68", "url": "https://git.kernel.org/stable/c/5c51aa862cbeed2f3887f0382a2708956710bd68" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6abf6b78c6fb112eee495f5636ffcc350dd2ce25", "url": "https://git.kernel.org/stable/c/6abf6b78c6fb112eee495f5636ffcc350dd2ce25" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/734aa85390ea693bb7eaf2240623d41b03705c84", "url": "https://git.kernel.org/stable/c/734aa85390ea693bb7eaf2240623d41b03705c84" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/db7096ea160e40d78c67fce52e7cc51bde049497", "url": "https://git.kernel.org/stable/c/db7096ea160e40d78c67fce52e7cc51bde049497" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-07-25T14:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-01-08T10:12:34.972336Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153", "product_ids": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38459", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix infinite recursive call of clip_push().\n\nsyzbot reported the splat below. [0]\n\nThis happens if we call ioctl(ATMARP_MKIP) more than once.\n\nDuring the first call, clip_mkip() sets clip_push() to vcc->push(),\nand the second call copies it to clip_vcc->old_push().\n\nLater, when the socket is close()d, vcc_destroy_socket() passes\nNULL skb to clip_push(), which calls clip_vcc->old_push(),\ntriggering the infinite recursion.\n\nLet's prevent the second ioctl(ATMARP_MKIP) by checking\nvcc->user_back, which is allocated by the first call as clip_vcc.\n\nNote also that we use lock_sock() to prevent racy calls.\n\n[0]:\nBUG: TASK stack guard page was hit at ffffc9000d66fff8 (stack is ffffc9000d670000..ffffc9000d678000)\nOops: stack guard page: 0000 [#1] SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:clip_push+0x5/0x720 net/atm/clip.c:191\nCode: e0 8f aa 8c e8 1c ad 5b fa eb ae 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 <41> 57 41 56 41 55 41 54 53 48 83 ec 20 48 89 f3 49 89 fd 48 bd 00\nRSP: 0018:ffffc9000d670000 EFLAGS: 00010246\nRAX: 1ffff1100235a4a5 RBX: ffff888011ad2508 RCX: ffff8880003c0000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888037f01000\nRBP: dffffc0000000000 R08: ffffffff8fa104f7 R09: 1ffffffff1f4209e\nR10: dffffc0000000000 R11: ffffffff8a99b300 R12: ffffffff8a99b300\nR13: ffff888037f01000 R14: ffff888011ad2500 R15: ffff888037f01578\nFS: 000055557ab6d500(0000) GS:ffff88808d250000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffc9000d66fff8 CR3: 0000000043172000 CR4: 0000000000352ef0\nCall Trace:\n \n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n...\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n vcc_destroy_socket net/atm/common.c:183 [inline]\n vcc_release+0x157/0x460 net/atm/common.c:205\n __sock_release net/socket.c:647 [inline]\n sock_close+0xc0/0x240 net/socket.c:1391\n __fput+0x449/0xa70 fs/file_table.c:465\n task_work_run+0x1d1/0x260 kernel/task_work.c:227\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n exit_to_user_mode_loop+0xec/0x110 kernel/entry/common.c:114\n exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]\n syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]\n syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]\n do_syscall_64+0x2bd/0x3b0 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff31c98e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fffb5aa1f78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4\nRAX: 0000000000000000 RBX: 0000000000012747 RCX: 00007ff31c98e929\nRDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003\nRBP: 00007ff31cbb7ba0 R08: 0000000000000001 R09: 0000000db5aa226f\nR10: 00007ff31c7ff030 R11: 0000000000000246 R12: 00007ff31cbb608c\nR13: 00007ff31cbb6080 R14: ffffffffffffffff R15: 00007fffb5aa2090\n \nModules linked in:", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38459" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/024876b247a882972095b22087734dcd23396a4e", "url": "https://git.kernel.org/stable/c/024876b247a882972095b22087734dcd23396a4e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/125166347d5676466d368aadc0bbc31ee7714352", "url": "https://git.kernel.org/stable/c/125166347d5676466d368aadc0bbc31ee7714352" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1579a2777cb914a249de22c789ba4d41b154509f", "url": "https://git.kernel.org/stable/c/1579a2777cb914a249de22c789ba4d41b154509f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3f61b997fe014bbfcc208a9fcbd363a1fe7e3a31", "url": "https://git.kernel.org/stable/c/3f61b997fe014bbfcc208a9fcbd363a1fe7e3a31" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5641019dfbaee5e85fe093b590f0451c9dd4d6f8", "url": "https://git.kernel.org/stable/c/5641019dfbaee5e85fe093b590f0451c9dd4d6f8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c489f3283dbfc0f3c00c312149cae90d27552c45", "url": "https://git.kernel.org/stable/c/c489f3283dbfc0f3c00c312149cae90d27552c45" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/df0312d8859763aa15b8b56ac151a1ea4a4e5b88", "url": "https://git.kernel.org/stable/c/df0312d8859763aa15b8b56ac151a1ea4a4e5b88" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f493f31a63847624fd3199ac836a8bd8828e50e2", "url": "https://git.kernel.org/stable/c/f493f31a63847624fd3199ac836a8bd8828e50e2" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-07-25T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-01-08T10:12:34.972336Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153", "product_ids": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-39863", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work\n\nThe brcmf_btcoex_detach() only shuts down the btcoex timer, if the\nflag timer_on is false. However, the brcmf_btcoex_timerfunc(), which\nruns as timer handler, sets timer_on to false. This creates critical\nrace conditions:\n\n1.If brcmf_btcoex_detach() is called while brcmf_btcoex_timerfunc()\nis executing, it may observe timer_on as false and skip the call to\ntimer_shutdown_sync().\n\n2.The brcmf_btcoex_timerfunc() may then reschedule the brcmf_btcoex_info\nworker after the cancel_work_sync() has been executed, resulting in\nuse-after-free bugs.\n\nThe use-after-free bugs occur in two distinct scenarios, depending on\nthe timing of when the brcmf_btcoex_info struct is freed relative to\nthe execution of its worker thread.\n\nScenario 1: Freed before the worker is scheduled\n\nThe brcmf_btcoex_info is deallocated before the worker is scheduled.\nA race condition can occur when schedule_work(&bt_local->work) is\ncalled after the target memory has been freed. The sequence of events\nis detailed below:\n\nCPU0 | CPU1\nbrcmf_btcoex_detach | brcmf_btcoex_timerfunc\n | bt_local->timer_on = false;\n if (cfg->btcoex->timer_on) |\n ... |\n cancel_work_sync(); |\n ... |\n kfree(cfg->btcoex); // FREE |\n | schedule_work(&bt_local->work); // USE\n\nScenario 2: Freed after the worker is scheduled\n\nThe brcmf_btcoex_info is freed after the worker has been scheduled\nbut before or during its execution. In this case, statements within\nthe brcmf_btcoex_handler() — such as the container_of macro and\nsubsequent dereferences of the brcmf_btcoex_info object will cause\na use-after-free access. The following timeline illustrates this\nscenario:\n\nCPU0 | CPU1\nbrcmf_btcoex_detach | brcmf_btcoex_timerfunc\n | bt_local->timer_on = false;\n if (cfg->btcoex->timer_on) |\n ... |\n cancel_work_sync(); |\n ... | schedule_work(); // Reschedule\n |\n kfree(cfg->btcoex); // FREE | brcmf_btcoex_handler() // Worker\n /* | btci = container_of(....); // USE\n The kfree() above could | ...\n also occur at any point | btci-> // USE\n during the worker's execution|\n */ |\n\nTo resolve the race conditions, drop the conditional check and call\ntimer_shutdown_sync() directly. It can deactivate the timer reliably,\nregardless of its current state. Once stopped, the timer_on state is\nthen set to false.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39863" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2f6fbc8e04ca1d1d5c560be694199f847229c625", "url": "https://git.kernel.org/stable/c/2f6fbc8e04ca1d1d5c560be694199f847229c625" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3e789f8475f6c857c88de5c5bf4b24b11a477dd7", "url": "https://git.kernel.org/stable/c/3e789f8475f6c857c88de5c5bf4b24b11a477dd7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9cb83d4be0b9b697eae93d321e0da999f9cdfcfc", "url": "https://git.kernel.org/stable/c/9cb83d4be0b9b697eae93d321e0da999f9cdfcfc" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f1150153c4e5940fe49ab51136343c5b4fe49d63", "url": "https://git.kernel.org/stable/c/f1150153c4e5940fe49ab51136343c5b4fe49d63" } ], "release_date": "2025-09-19T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-01-08T10:12:34.972336Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153", "product_ids": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1767867153" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-debug-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-headers-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:kernel-tools-libs-devel-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64", "Oracle-Linux-7:python-perf-0:3.10.0-1160.139.1.el7.tuxcare.els4.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }