{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "crypto: af_alg - Fix incorrect boolean values in af_alg_ctx {CVE-2025-40022}\n- arm64: pensando: Must boot Ortano kernel with spin-table\n- net/sched: adjust device watchdog timer to detect stopped queue at right time\n- net/mlx5: Mark the mellanox graceful_period fix as out-of-tree change\n- infiniband/xsigo: Replace BUG_ON with WARN_ON_ONCE.\n- infiniband/xsigo: xsvnic_main: Remove unused functions\n- infiniband/xsigo: xve_cm: Fix mixed code warning\n- infiniband/xsigo: xve_ethtool: Remove unused variable 'priv'\n- infiniband/xsigo: xve_ib: Fix misleading indentation\n- infiniband/xsigo: xve_ib: Fix mixed code warning\n- infiniband/xsigo: xve_verbs: Remove unused label 'out_free_pd'\n- infiniband/xsigo: xve_main: Remove unused function 'xve_napi_del'\n- infiniband/xsigo: xve_main: Fix mixed code warning\n- infiniband/xsigo: xve_main: Fix misleading indentation\n- inifinibad/xsigo: xsvnic_main: Remove unused variable 'xsvnic_ethtool_ops'\n- infiniband/xsigo: xscore_impl: Remove unused label 'err_pd'\n- rds: Fix jiffies type in struct rds_conn_path\n- kernel: sysctl: Remove unused variable 'zero'\n- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg {CVE-2025-39964}\n- RDMA/cm: Base cm_id destruction timeout on CMA values\n- x86/its: Build fails with CONFIG_MITIGATION_ITS=n\n- LTS tag: v5.4.302\n- Input: pegasus-notetaker - fix potential out-of-bounds access {CVE-2025-68217}\n- Input: remove third argument of usb_maxpacket()\n- usb: deprecate the third argument of usb_maxpacket()\n- fs/proc: fix uaf in proc_readdir_de() {CVE-2025-40271}\n- pmdomain: imx: Fix reference count leak in imx_gpc_remove\n- pmdomain: arm: scmi: Fix genpd leak on provider registration failure {CVE-2025-68204}\n- net: netpoll: fix incorrect refcount handling causing incorrect cleanup {CVE-2025-68245}\n- net: qede: Initialize qede_ll_ops with designated initializer\n- net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error {CVE-2025-68220}\n- ALSA: usb-audio: fix uac2 clock source at terminal parser\n- mm/page_alloc: fix hash table order logging in alloc_large_system_hash()\n- kconfig/nconf: Initialize the default locale at startup\n- kconfig/mconf: Initialize the default locale at startup\n- vsock: Ignore signal/timeout on connect() if already established {CVE-2025-40248}\n- s390/ctcm: Fix double-kfree {CVE-2025-40253}\n- net: openvswitch: remove never-working support for setting nsh fields {CVE-2025-40254}\n- mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats()\n- MIPS: Malta: Fix !EVA SOC-it PCI MMIO\n- scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() {CVE-2025-68229}\n- scsi: sg: Do not sleep in atomic context {CVE-2025-40259}\n- Input: cros_ec_keyb - fix an invalid memory access {CVE-2025-40263}\n- be2net: pass wrb_params in case of OS2BMC {CVE-2025-40264}\n- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() {CVE-2025-68734}\n- EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection\n- EDAC/altera: Handle OCRAM ECC enable after warm reset\n- spi: Try to get ACPI GPIO IRQ earlier\n- ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe {CVE-2025-68241}\n- strparser: Fix signed/unsigned mismatch bug\n- gcov: add support for GCC 15\n- mm/ksm: fix flag-dropping behavior in ksm_madvise {CVE-2025-40040}\n- ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd {CVE-2025-40275}\n- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE {CVE-2025-40277}\n- ASoC: cs4271: Fix regulator leak on probe failure\n- regulator: fixed: fix GPIO descriptor leak on register failure\n- regulator: fixed: use dev_err_probe for register\n- Bluetooth: L2CAP: export l2cap_chan_hold for modules\n- net_sched: limit try_bulk_dequeue_skb() batches\n- net_sched: remove need_resched() from qdisc_run()\n- net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps\n- net/mlx5e: Fix maxrate wraparound in threshold between units\n- net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak {CVE-2025-40278}\n- wifi: mac80211: skip rate verification for not captured PSDUs\n- net: mdio: fix resource leak in mdiobus_register_device()\n- tipc: Fix use-after-free in tipc_mon_reinit_self(). {CVE-2025-40280}\n- tipc: simplify the finalize work queue\n- sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto {CVE-2025-40281}\n- sctp: get netns from asoc and ep base\n- Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions\n- Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion\n- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path {CVE-2025-40282}\n- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF {CVE-2025-40283}\n- net: fec: correct rx_bytes statistic for the case SHIFT16 is set\n- ASoC: max98090/91: fixed max98091 ALSA widget powering up/down\n- HID: quirks: avoid Cooler Master MM712 dongle wakeup bug\n- NFS4: Fix state renewals missing after boot\n- compiler_types: Move unused static inline functions warning to W=2\n- extcon: adc-jack: Cleanup wakeup source only if it was enabled\n- tracing: Fix memory leaks in create_field_var()\n- net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup {CVE-2025-68192}\n- sctp: Prevent TOCTOU out-of-bounds write {CVE-2025-40331}\n- sctp: Hold RCU read lock while iterating over address list\n- net: dsa: b53: stop reading ARL entries if search is done\n- net: dsa: b53: fix enabling ip multicast\n- net: dsa: b53: fix resetting speed and pause on forced link\n- net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325\n- net: dsa/b53: change b53_force_port_config() pause argument\n- net: vlan: sync VLAN features with lower device\n- ceph: add checking of wait_for_completion_killable() return value\n- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds {CVE-2025-40304}\n- ACPI: property: Return present device nodes only on fwnode interface\n- 9p: sysfs_init: don't hardcode error to ENOMEM\n- 9p: fix /sys/fs/9p/caches overwriting itself\n- fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink\n- ACPICA: Update dsmethod.c to get rid of unused variable warning\n- orangefs: fix xattr related buffer overflow... {CVE-2025-40306}\n- page_pool: Clamp pool size to max 16K pages\n- Bluetooth: bcsp: receive data only if registered {CVE-2025-40308}\n- Bluetooth: SCO: Fix UAF on sco_conn_free {CVE-2025-40309}\n- net: macb: avoid dealing with endianness in macb_set_hwaddr()\n- nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing {CVE-2025-68185}\n- NFSv4.1: fix mount hang after CREATE_SESSION failure\n- NFSv4: handle ERR_GRACE on delegation recalls\n- remoteproc: qcom: q6v5: Avoid handling handover twice\n- sparc/module: Add R_SPARC_UA64 relocation handling\n- net: intel: fm10k: Fix parameter idx set but not used\n- jfs: fix uninitialized waitqueue in transaction manager {CVE-2025-68168}\n- jfs: Verify inode mode when loading from disk {CVE-2025-40312}\n- ipv6: np->rxpmtu race annotation\n- usb: xhci: plat: Facilitate using autosuspend for xhci plat devices\n- usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs\n- allow finish_no_open(file, ERR_PTR(-E...))\n- scsi: lpfc: Define size of debugfs entry for xri rebalancing\n- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET\n- selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency\n- net/cls_cgroup: Fix task_get_classid() during qdisc run\n- selftests: Replace sleep with slowwait\n- selftests: Disable dad for ipv6 in fcnal-test.sh\n- media: redrat3: use int type to store negative error codes\n- net: sh_eth: Disable WoL if system can not suspend\n- phy: cadence: cdns-dphy: Enable lower resolutions in dphy\n- usb: gadget: f_hid: Fix zero length packet transfer\n- net: call cond_resched() less often in __release_sock()\n- ALSA: usb-audio: apply quirk for MOONDROP Quark2\n- net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms\n- dmaengine: dw-edma: Set status for callback_result\n- dmaengine: mv_xor: match alloc_wc and free_wc\n- dmaengine: sh: setup_xref error handling\n- scsi: pm8001: Use int instead of u32 to store error codes\n- mips: lantiq: xway: sysctrl: rename stp clock\n- mips: lantiq: danube: add missing device_type in pci node\n- mips: lantiq: danube: add missing properties to cpu node\n- media: fix uninitialized symbol warnings\n- drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption\n- extcon: adc-jack: Fix wakeup source leaks on device unbind\n- PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call\n- net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV.\n- net: When removing nexthops, don't call synchronize_net if it is not necessary\n- char: misc: Does not request module for miscdevice with dynamic minor\n- usb: gadget: f_ncm: Fix MAC assignment NCM ethernet\n- iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register\n- media: imon: make send_packet() more robust {CVE-2025-68194}\n- net: ipv6: fix field-spanning memcpy warning in AH output {CVE-2025-40363}\n- bridge: Redirect to backup port when port is administratively down\n- powerpc/eeh: Use result of error_detected() in uevent\n- x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall\n- media: pci: ivtv: Don't create fake v4l2_fh\n- drm/amdkfd: return -ENOTTY for unsupported IOCTLs\n- selftests/net: Ensure assert() triggers in psock_tpacket.c\n- selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8\n- PCI: Disable MSI on RDC PCI to PCIe bridges\n- drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf()\n- mfd: madera: Work around false-positive -Wininitialized warning\n- mfd: stmpe-i2c: Add missing MODULE_LICENSE\n- mfd: stmpe: Remove IRQ domain upon removal\n- tools/power x86_energy_perf_policy: Prefer driver HWP limits\n- tools/power x86_energy_perf_policy: Enhance HWP enable\n- tools/cpupower: Fix incorrect size in cpuidle_state_disable()\n- hwmon: (dell-smm) Add support for Dell OptiPlex 7040\n- uprobe: Do not emulate/sstep original instruction when ip is changed\n- clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel\n- video: backlight: lp855x_bl: Set correct EPROM start for LP8556\n- tee: allow a driver to allocate a tee_device without a pool\n- ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method()\n- mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card\n- irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment\n- arc: Fix __fls() const-foldability via __builtin_clzl()\n- cpufreq/longhaul: handle NULL policy in longhaul_exit {CVE-2025-68177}\n- selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2\n- ACPI: video: force native for Lenovo 82K8\n- memstick: Add timeout to prevent indefinite waiting\n- mmc: host: renesas_sdhi: Fix the actual clock\n- bpf: Don't use %pK through printk\n- spi: loopback-test: Don't use %pK through printk\n- soc: qcom: smem: Fix endian-unaware access of num_entries\n- usb: gadget: f_fs: Fix epfile null pointer access after ep enable. {CVE-2025-40315}\n- serial: 8250_dw: handle reset control deassert error\n- serial: 8250_dw: Use devm_add_action_or_reset()\n- serial: 8250_dw: Use devm_clk_get_optional() to get the input clock\n- can: gs_usb: increase max interface to U8_MAX\n- devcoredump: Fix circular locking dependency with devcd->mutex.\n- net: ravb: Enforce descriptor type ordering\n- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID\n- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode {CVE-2025-40321}\n- net: phy: dp83867: Disable EEE support as not implemented\n- regmap: slimbus: fix bus_context pointer in regmap init calls {CVE-2025-40317}\n- drm/etnaviv: fix flush sequence logic\n- usbnet: Prevents free active kevent {CVE-2025-68312}\n- wifi: ath10k: Fix memory leak on unsupported WMI command\n- ASoC: qdsp6: q6asm: do not sleep while atomic\n- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init\n- fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS\n- fbdev: bitblit: bound-check glyph index in bit_putcs* {CVE-2025-40322}\n- ACPI: video: Fix use-after-free in acpi_video_switch_brightness() {CVE-2025-40211}\n- fbdev: atyfb: Check if pll_ops->init_pll failed\n- net: usb: asix_devices: Check return value of usbnet_get_endpoints\n- btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot()\n- x86/bugs: Fix reporting of LFENCE retpoline\n- net/sched: sch_qfq: Fix null-deref in agg_dequeue {CVE-2025-40083}\n- RDMA/cm: Rate limit destroy CM ID timeout error message\n- soc/pensando: giglio: hack dts to make things right\n- soc/pensando: Add AMD Pensando Giglio SoC support\n- soc/pensando: psci support\n- soc/pensando: Giglio SoC eMMC interrupt driver\n- Reapply \"cpuidle: menu: Avoid discarding useful information\"\n- fbcon: fix integer overflow in font allocation\n- uek-rpm: Introduce check function for uek-rpm/tools/kabi\n- rds: Add smp_rmb before reading c_destroy_in_prog\n- uio_hv_generic: Set event for all channels on the device\n- ata: libata-scsi: Fix system suspend for a security locked drive\n- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155\n- scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and real interrupt", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/oraclelinux7els/advisories/2026/clsa-2026_1770140694.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "tracking": { "current_release_date": "2026-02-05T17:56:30Z", "generator": { "date": "2026-02-05T17:56:30Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1770140694", "initial_release_date": "2026-02-03T17:44:56Z", "revision_history": [ { "date": "2026-02-03T17:44:56Z", "number": "1", "summary": "Initial version" }, { "date": "2026-02-05T17:56:30Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "kernel-uek: Fix of 43 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Linux 7", "product": { "name": "Oracle Linux 7", "product_id": "Oracle-Linux-7", "product_identification_helper": { "cpe": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Oracle Linux" } ], "category": "vendor", "name": "Oracle Corporation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product": { "name": "bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_id": "bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/bpftool@5.4.17-2136.352.5.el7uek.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product": { "name": "kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_id": "kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-tools@5.4.17-2136.352.5.el7uek.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product": { "name": "kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_id": "kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-container@5.4.17-2136.352.5.el7uek.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product": { "name": "kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_id": "kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek@5.4.17-2136.352.5.el7uek.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product": { "name": "kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_id": "kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-devel@5.4.17-2136.352.5.el7uek.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product": { "name": "python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_id": "python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python-perf@5.4.17-2136.352.5.el7uek.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product": { "name": "perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_id": "perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/perf@5.4.17-2136.352.5.el7uek.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product": { "name": "kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_id": "kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-headers@5.4.17-2136.352.5.el7uek.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product": { "name": "kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_id": "kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-debug-devel@5.4.17-2136.352.5.el7uek.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product": { "name": "kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_id": "kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-container-debug@5.4.17-2136.352.5.el7uek.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product": { "name": "kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_id": "kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-debug@5.4.17-2136.352.5.el7uek.tuxcare.els1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" }, "product_reference": "bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" }, "product_reference": "kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" }, "product_reference": "kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" }, "product_reference": "kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" }, "product_reference": "kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" }, "product_reference": "python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" }, "product_reference": "perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" }, "product_reference": "kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" }, "product_reference": "kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" }, "product_reference": "kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" }, "product_reference": "kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "relates_to_product_reference": "Oracle-Linux-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-40271", "cwe": { "id": "CWE-825", "name": "Expired Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nfs/proc: fix uaf in proc_readdir_de()\nPde is erased from subdir rbtree through rb_erase(), but not set the node\nto EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE()\nset the erased node to EMPTY, then pde_subdir_next() will return NULL to\navoid uaf access.\nWe found an uaf issue while using stress-ng testing, need to run testcase\ngetdent and tun in the same time. The steps of the issue is as follows:\n1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current\npde is tun3;\n2) in the [time windows] unregister netdevice tun3 and tun2, and erase\nthem from rbtree. erase tun3 first, and then erase tun2. the\npde(tun2) will be released to slab;\n3) continue to getdent process, then pde_subdir_next() will return\npde(tun2) which is released, it will case uaf access.\nCPU 0 | CPU 1\n-------------------------------------------------------------------------\ntraverse dir /proc/pid/net/dev_snmp6/ | unregister_netdevice(tun->dev) //tun3 tun2\nsys_getdents64() |\niterate_dir() |\nproc_readdir() |\nproc_readdir_de() | snmp6_unregister_dev()\npde_get(de); | proc_remove()\nread_unlock(&proc_subdir_lock); | remove_proc_subtree()\n| write_lock(&proc_subdir_lock);\n[time window] | rb_erase(&root->subdir_node, &parent->subdir);\n| write_unlock(&proc_subdir_lock);\nread_lock(&proc_subdir_lock); |\nnext = pde_subdir_next(de); |\npde_put(de); |\nde = next; //UAF |\nrbtree of dev_snmp6\n|\npde(tun3)\n/ \\\nNULL pde(tun2)", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40271" } ], "release_date": "2025-12-06T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40322", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nfbdev: bitblit: bound-check glyph index in bit_putcs*\nbit_putcs_aligned()/unaligned() derived the glyph pointer from the\ncharacter value masked by 0xff/0x1ff, which may exceed the actual font's\nglyph count and read past the end of the built-in font array.\nClamp the index to the actual glyph count before computing the address.\nThis fixes a global out-of-bounds read reported by syzbot.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40322" } ], "release_date": "2025-12-08T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40022", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Fix incorrect boolean values in af_alg_ctx\n\nCommit 1b34cbbf4f01 (\"crypto: af_alg - Disallow concurrent writes in\naf_alg_sendmsg\") changed some fields from bool to 1-bit bitfields of\ntype u32.\n\nHowever, some assignments to these fields, specifically 'more' and\n'merge', assign values greater than 1. These relied on C's implicit\nconversion to bool, such that zero becomes false and nonzero becomes\ntrue.\n\nWith a 1-bit bitfields of type u32 instead, mod 2 of the value is taken\ninstead, resulting in 0 being assigned in some cases when 1 was intended.\n\nFix this by restoring the bool type.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40022" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/316b090c2fee964c307a634fecc7df269664b158", "url": "https://git.kernel.org/stable/c/316b090c2fee964c307a634fecc7df269664b158" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3a21698ace915a445bce2d0dcfc84b6d2199baf7", "url": "https://git.kernel.org/stable/c/3a21698ace915a445bce2d0dcfc84b6d2199baf7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/54506c6335690f4ef1b9f154e34f5a604c72c1ed", "url": "https://git.kernel.org/stable/c/54506c6335690f4ef1b9f154e34f5a604c72c1ed" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8703940bd30b5ad94408d28d7192db2491cd3592", "url": "https://git.kernel.org/stable/c/8703940bd30b5ad94408d28d7192db2491cd3592" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d0ca0df179c4b21e2a6c4a4fb637aa8fa14575cb", "url": "https://git.kernel.org/stable/c/d0ca0df179c4b21e2a6c4a4fb637aa8fa14575cb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d382d6daf0184490f366562469a5673f65ee2662", "url": "https://git.kernel.org/stable/c/d382d6daf0184490f366562469a5673f65ee2662" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fbe96bd25423e61273d8831e995260b429d850b6", "url": "https://git.kernel.org/stable/c/fbe96bd25423e61273d8831e995260b429d850b6" } ], "release_date": "2025-10-24T13:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40277", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ndrm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE\nThis data originates from userspace and is used in buffer offset\ncalculations which could potentially overflow causing an out-of-bounds\naccess.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40277" } ], "release_date": "2025-12-06T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40259", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nscsi: sg: Do not sleep in atomic context\nsg_finish_rem_req() calls blk_rq_unmap_user(). The latter function may\nsleep. Hence, call sg_finish_rem_req() with interrupts enabled instead\nof disabled.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40259" } ], "release_date": "2025-12-04T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40263", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: cros_ec_keyb - fix an invalid memory access\n\nIf cros_ec_keyb_register_matrix() isn't called (due to\n`buttons_switches_only`) in cros_ec_keyb_probe(), `ckdev->idev` remains\nNULL. An invalid memory access is observed in cros_ec_keyb_process()\nwhen receiving an EC_MKBP_EVENT_KEY_MATRIX event in cros_ec_keyb_work()\nin such case.\n\n Unable to handle kernel read from unreadable memory at virtual address 0000000000000028\n ...\n x3 : 0000000000000000 x2 : 0000000000000000\n x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n input_event\n cros_ec_keyb_work\n blocking_notifier_call_chain\n ec_irq_thread\n\nIt's still unknown about why the kernel receives such malformed event,\nin any cases, the kernel shouldn't access `ckdev->idev` and friends if\nthe driver doesn't intend to initialize them.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40263" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2d251c15c27e2dd16d6318425d2f7260cbd47d39", "url": "https://git.kernel.org/stable/c/2d251c15c27e2dd16d6318425d2f7260cbd47d39" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6d81068685154535af06163eb585d6d9663ec7ec", "url": "https://git.kernel.org/stable/c/6d81068685154535af06163eb585d6d9663ec7ec" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9cf59f4724a9ee06ebb06c76b8678ac322e850b7", "url": "https://git.kernel.org/stable/c/9cf59f4724a9ee06ebb06c76b8678ac322e850b7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d74864291cb8bd784d44d1d02e87109cf88666bb", "url": "https://git.kernel.org/stable/c/d74864291cb8bd784d44d1d02e87109cf88666bb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e08969c4d65ac31297fcb4d31d4808c789152f68", "url": "https://git.kernel.org/stable/c/e08969c4d65ac31297fcb4d31d4808c789152f68" } ], "release_date": "2025-12-04T16:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40264", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nbe2net: pass wrb_params in case of OS2BMC\nbe_insert_vlan_in_pkt() is called with the wrb_params argument being NULL\nat be_send_pkt_to_bmc() call site.  This may lead to dereferencing a NULL\npointer when processing a workaround for specific packet, as commit\nbc0c3405abbb (\"be2net: fix a Tx stall bug caused by a specific ipv6\npacket\") states.\nThe correct way would be to pass the wrb_params from be_xmit().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40264" } ], "release_date": "2025-12-04T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40275", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd\nIn snd_usb_create_streams(), for UAC version 3 devices, the Interface\nAssociation Descriptor (IAD) is retrieved via usb_ifnum_to_if(). If this\ncall fails, a fallback routine attempts to obtain the IAD from the next\ninterface and sets a BADD profile. However, snd_usb_mixer_controls_badd()\nassumes that the IAD retrieved from usb_ifnum_to_if() is always valid,\nwithout performing a NULL check. This can lead to a NULL pointer\ndereference when usb_ifnum_to_if() fails to find the interface descriptor.\nThis patch adds a NULL pointer check after calling usb_ifnum_to_if() in\nsnd_usb_mixer_controls_badd() to prevent the dereference.\nThis issue was discovered by syzkaller, which triggered the bug by sending\na crafted USB device descriptor.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40275" } ], "release_date": "2025-12-06T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40283", "cwe": { "id": "CWE-825", "name": "Expired Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF\nThere is a KASAN: slab-use-after-free read in btusb_disconnect().\nCalling \"usb_driver_release_interface(&btusb_driver, data->intf)\" will\nfree the btusb data associated with the interface. The same data is\nthen used later in the function, hence the UAF.\nFix by moving the accesses to btusb data to before the data is free'd.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40283" } ], "release_date": "2025-12-06T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40304", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nfbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds\nAdd bounds checking to prevent writes past framebuffer boundaries when\nrendering text near screen edges. Return early if the Y position is off-screen\nand clip image height to screen boundary. Break from the rendering loop if the\nX position is off-screen. When clipping image width to fit the screen, update\nthe character count to match the clipped width to prevent buffer size\nmismatches.\nWithout the character count update, bit_putcs_aligned and bit_putcs_unaligned\nreceive mismatched parameters where the buffer is allocated for the clipped\nwidth but cnt reflects the original larger count, causing out-of-bounds writes.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40304" } ], "release_date": "2025-12-08T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40306", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: fix xattr related buffer overflow...\n\nWilly Tarreau forwarded me a message from\nDisclosure with the following\nwarning:\n\n> The helper `xattr_key()` uses the pointer variable in the loop condition\n> rather than dereferencing it. As `key` is incremented, it remains non-NULL\n> (until it runs into unmapped memory), so the loop does not terminate on\n> valid C strings and will walk memory indefinitely, consuming CPU or hanging\n> the thread.\n\nI easily reproduced this with setfattr and getfattr, causing a kernel\noops, hung user processes and corrupted orangefs files. Disclosure\nsent along a diff (not a patch) with a suggested fix, which I based\nthis patch on.\n\nAfter xattr_key started working right, xfstest generic/069 exposed an\nxattr related memory leak that lead to OOM. xattr_key returns\na hashed key. When adding xattrs to the orangefs xattr cache, orangefs\nused hash_add, a kernel hashing macro. hash_add also hashes the key using\nhash_log which resulted in additions to the xattr cache going to the wrong\nhash bucket. generic/069 tortures a single file and orangefs does a\ngetattr for the xattr \"security.capability\" every time. Orangefs\nnegative caches on xattrs which includes a kmalloc. Since adds to the\nxattr cache were going to the wrong bucket, every getattr for\n\"security.capability\" resulted in another kmalloc, none of which were\never freed.\n\nI changed the two uses of hash_add to hlist_add_head instead\nand the memory leak ceased and generic/069 quit throwing furniture.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40306" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/025e880759c279ec64d0f754fe65bf45961da864", "url": "https://git.kernel.org/stable/c/025e880759c279ec64d0f754fe65bf45961da864" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/15afebb9597449c444801d1ff0b8d8b311f950ab", "url": "https://git.kernel.org/stable/c/15afebb9597449c444801d1ff0b8d8b311f950ab" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9127d1e90c90e5960c8bc72a4ce2c209691a7021", "url": "https://git.kernel.org/stable/c/9127d1e90c90e5960c8bc72a4ce2c209691a7021" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bc812574de633cf9a9ad6974490e45f6a4bb5126", "url": "https://git.kernel.org/stable/c/bc812574de633cf9a9ad6974490e45f6a4bb5126" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c2ca015ac109fd743fdde27933d59dc5ad46658e", "url": "https://git.kernel.org/stable/c/c2ca015ac109fd743fdde27933d59dc5ad46658e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c6564ff6b53c9a8dc786b6f1c51ae7688273f931", "url": "https://git.kernel.org/stable/c/c6564ff6b53c9a8dc786b6f1c51ae7688273f931" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e09a096104fc65859422817fb2211f35855983fe", "url": "https://git.kernel.org/stable/c/e09a096104fc65859422817fb2211f35855983fe" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ef892d2bf4f3fa2c8de1677dd307e678bdd3d865", "url": "https://git.kernel.org/stable/c/ef892d2bf4f3fa2c8de1677dd307e678bdd3d865" } ], "release_date": "2025-12-08T01:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40308", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: bcsp: receive data only if registered\nCurrently, bcsp_recv() can be called even when the BCSP protocol has not\nbeen registered. This leads to a NULL pointer dereference, as shown in\nthe following stack trace:\nKASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f]\nRIP: 0010:bcsp_recv+0x13d/0x1740 drivers/bluetooth/hci_bcsp.c:590\nCall Trace:\n\nhci_uart_tty_receive+0x194/0x220 drivers/bluetooth/hci_ldisc.c:627\ntiocsti+0x23c/0x2c0 drivers/tty/tty_io.c:2290\ntty_ioctl+0x626/0xde0 drivers/tty/tty_io.c:2706\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_sys_ioctl fs/ioctl.c:907 [inline]\n__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\ndo_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nTo prevent this, ensure that the HCI_UART_REGISTERED flag is set before\nprocessing received data. If the protocol is not registered, return\n-EUNATCH.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40308" } ], "release_date": "2025-12-08T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40321", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nwifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode\nCurrently, whenever there is a need to transmit an Action frame,\nthe brcmfmac driver always uses the P2P vif to send the \"actframe\" IOVAR to\nfirmware. The P2P interfaces were available when wpa_supplicant is managing\nthe wlan interface.\nHowever, the P2P interfaces are not created/initialized when only hostapd\nis managing the wlan interface. And if hostapd receives an ANQP Query REQ\nAction frame even from an un-associated STA, the brcmfmac driver tries\nto use an uninitialized P2P vif pointer for sending the IOVAR to firmware.\nThis NULL pointer dereferencing triggers a driver crash.\n[ 1417.074538] Unable to handle kernel NULL pointer dereference at virtual\naddress 0000000000000000\n[...]\n[ 1417.075188] Hardware name: Raspberry Pi 4 Model B Rev 1.5 (DT)\n[...]\n[ 1417.075653] Call trace:\n[ 1417.075662] brcmf_p2p_send_action_frame+0x23c/0xc58 [brcmfmac]\n[ 1417.075738] brcmf_cfg80211_mgmt_tx+0x304/0x5c0 [brcmfmac]\n[ 1417.075810] cfg80211_mlme_mgmt_tx+0x1b0/0x428 [cfg80211]\n[ 1417.076067] nl80211_tx_mgmt+0x238/0x388 [cfg80211]\n[ 1417.076281] genl_family_rcv_msg_doit+0xe0/0x158\n[ 1417.076302] genl_rcv_msg+0x220/0x2a0\n[ 1417.076317] netlink_rcv_skb+0x68/0x140\n[ 1417.076330] genl_rcv+0x40/0x60\n[ 1417.076343] netlink_unicast+0x330/0x3b8\n[ 1417.076357] netlink_sendmsg+0x19c/0x3f8\n[ 1417.076370] __sock_sendmsg+0x64/0xc0\n[ 1417.076391] ____sys_sendmsg+0x268/0x2a0\n[ 1417.076408] ___sys_sendmsg+0xb8/0x118\n[ 1417.076427] __sys_sendmsg+0x90/0xf8\n[ 1417.076445] __arm64_sys_sendmsg+0x2c/0x40\n[ 1417.076465] invoke_syscall+0x50/0x120\n[ 1417.076486] el0_svc_common.constprop.0+0x48/0xf0\n[ 1417.076506] do_el0_svc+0x24/0x38\n[ 1417.076525] el0_svc+0x30/0x100\n[ 1417.076548] el0t_64_sync_handler+0x100/0x130\n[ 1417.076569] el0t_64_sync+0x190/0x198\n[ 1417.076589] Code: f9401e80 aa1603e2 f9403be1 5280e483 (f9400000)\nFix this, by always using the vif corresponding to the wdev on which the\nAction frame Transmission request was initiated by the userspace. This way,\neven if P2P vif is not available, the IOVAR is sent to firmware on AP vif\nand the ANQP Query RESP Action frame is transmitted without crashing the\ndriver.\nMove init_completion() for \"send_af_done\" from brcmf_p2p_create_p2pdev()\nto brcmf_p2p_attach(). Because the former function would not get executed\nwhen only hostapd is managing wlan interface, and it is not safe to do\nreinit_completion() later in brcmf_p2p_tx_action_frame(), without any prior\ninit_completion().\nAnd in the brcmf_p2p_tx_action_frame() function, the condition check for\nP2P Presence response frame is not needed, since the wpa_supplicant is\nproperly sending the P2P Presense Response frame on the P2P-GO vif instead\nof the P2P-Device vif.\n[Cc stable]", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40321" } ], "release_date": "2025-12-08T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40331", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nsctp: Prevent TOCTOU out-of-bounds write\nFor the following path not holding the sock lock,\nsctp_diag_dump() -> sctp_for_each_endpoint() -> sctp_ep_dump()\nmake sure not to exceed bounds in case the address list has grown\nbetween buffer allocation (time-of-check) and write (time-of-use).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40331" } ], "release_date": "2025-12-09T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40248", "cwe": { "id": "CWE-364", "name": "Signal Handler Race Condition" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nvsock: Ignore signal/timeout on connect() if already established\nDuring connect(), acting on a signal/timeout by disconnecting an already\nestablished socket leads to several issues:\n1. connect() invoking vsock_transport_cancel_pkt() ->\nvirtio_transport_purge_skbs() may race with sendmsg() invoking\nvirtio_transport_get_credit(). This results in a permanently elevated\n`vvs->bytes_unsent`. Which, in turn, confuses the SOCK_LINGER handling.\n2. connect() resetting a connected socket's state may race with socket\nbeing placed in a sockmap. A disconnected socket remaining in a sockmap\nbreaks sockmap's assumptions. And gives rise to WARNs.\n3. connect() transitioning SS_CONNECTED -> SS_UNCONNECTED allows for a\ntransport change/drop after TCP_ESTABLISHED. Which poses a problem for\nany simultaneous sendmsg() or connect() and may result in a\nuse-after-free/null-ptr-deref.\nDo not disconnect socket on signal/timeout. Keep the logic for unconnected\nsockets: they don't linger, can't be placed in a sockmap, are rejected by\nsendmsg().\n[1]: https://lore.kernel.org/netdev/e07fd95c-9a38-4eea-9638-133e38c2ec9b@rbox.co/\n[2]: https://lore.kernel.org/netdev/20250317-vsock-trans-signal-race-v4-0-fc8837f3f1d4@rbox.co/\n[3]: https://lore.kernel.org/netdev/60f1b7db-3099-4f6a-875e-af9f6ef194f6@rbox.co/", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40248" } ], "release_date": "2025-12-04T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40280", "cwe": { "id": "CWE-825", "name": "Expired Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ntipc: Fix use-after-free in tipc_mon_reinit_self().\nsyzbot reported use-after-free of tipc_net(net)->monitors[]\nin tipc_mon_reinit_self(). [0]\nThe array is protected by RTNL, but tipc_mon_reinit_self()\niterates over it without RTNL.\ntipc_mon_reinit_self() is called from tipc_net_finalize(),\nwhich is always under RTNL except for tipc_net_finalize_work().\nLet's hold RTNL in tipc_net_finalize_work().\n[0]:\nBUG: KASAN: slab-use-after-free in __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\nBUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162\nRead of size 1 at addr ffff88805eae1030 by task kworker/0:7/5989\nCPU: 0 UID: 0 PID: 5989 Comm: kworker/0:7 Not tainted syzkaller #0 PREEMPT_{RT,(full)}\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\nWorkqueue: events tipc_net_finalize_work\nCall Trace:\n\ndump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:378 [inline]\nprint_report+0xca/0x240 mm/kasan/report.c:482\nkasan_report+0x118/0x150 mm/kasan/report.c:595\n__kasan_check_byte+0x2a/0x40 mm/kasan/common.c:568\nkasan_check_byte include/linux/kasan.h:399 [inline]\nlock_acquire+0x8d/0x360 kernel/locking/lockdep.c:5842\n__raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline]\n_raw_spin_lock_irqsave+0xa7/0xf0 kernel/locking/spinlock.c:162\nrtlock_slowlock kernel/locking/rtmutex.c:1894 [inline]\nrwbase_rtmutex_lock_state kernel/locking/spinlock_rt.c:160 [inline]\nrwbase_write_lock+0xd3/0x7e0 kernel/locking/rwbase_rt.c:244\nrt_write_lock+0x76/0x110 kernel/locking/spinlock_rt.c:243\nwrite_lock_bh include/linux/rwlock_rt.h:99 [inline]\ntipc_mon_reinit_self+0x79/0x430 net/tipc/monitor.c:718\ntipc_net_finalize+0x115/0x190 net/tipc/net.c:140\nprocess_one_work kernel/workqueue.c:3236 [inline]\nprocess_scheduled_works+0xade/0x17b0 kernel/workqueue.c:3319\nworker_thread+0x8a0/0xda0 kernel/workqueue.c:3400\nkthread+0x70e/0x8a0 kernel/kthread.c:463\nret_from_fork+0x439/0x7d0 arch/x86/kernel/process.c:148\nret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n\nAllocated by task 6089:\nkasan_save_stack mm/kasan/common.c:47 [inline]\nkasan_save_track+0x3e/0x80 mm/kasan/common.c:68\npoison_kmalloc_redzone mm/kasan/common.c:388 [inline]\n__kasan_kmalloc+0x93/0xb0 mm/kasan/common.c:405\nkasan_kmalloc include/linux/kasan.h:260 [inline]\n__kmalloc_cache_noprof+0x1a8/0x320 mm/slub.c:4407\nkmalloc_noprof include/linux/slab.h:905 [inline]\nkzalloc_noprof include/linux/slab.h:1039 [inline]\ntipc_mon_create+0xc3/0x4d0 net/tipc/monitor.c:657\ntipc_enable_bearer net/tipc/bearer.c:357 [inline]\n__tipc_nl_bearer_enable+0xe16/0x13f0 net/tipc/bearer.c:1047\n__tipc_nl_compat_doit net/tipc/netlink_compat.c:371 [inline]\ntipc_nl_compat_doit+0x3bc/0x5f0 net/tipc/netlink_compat.c:393\ntipc_nl_compat_handle net/tipc/netlink_compat.c:-1 [inline]\ntipc_nl_compat_recv+0x83c/0xbe0 net/tipc/netlink_compat.c:1321\ngenl_family_rcv_msg_doit+0x215/0x300 net/netlink/genetlink.c:1115\ngenl_family_rcv_msg net/netlink/genetlink.c:1195 [inline]\ngenl_rcv_msg+0x60e/0x790 net/netlink/genetlink.c:1210\nnetlink_rcv_skb+0x208/0x470 net/netlink/af_netlink.c:2552\ngenl_rcv+0x28/0x40 net/netlink/genetlink.c:1219\nnetlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline]\nnetlink_unicast+0x846/0xa10 net/netlink/af_netlink.c:1346\nnetlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896\nsock_sendmsg_nosec net/socket.c:714 [inline]\n__sock_sendmsg+0x21c/0x270 net/socket.c:729\n____sys_sendmsg+0x508/0x820 net/socket.c:2614\n___sys_sendmsg+0x21f/0x2a0 net/socket.c:2668\n__sys_sendmsg net/socket.c:2700 [inline]\n__do_sys_sendmsg net/socket.c:2705 [inline]\n__se_sys_sendmsg net/socket.c:2703 [inline]\n__x64_sys_sendmsg+0x1a1/0x260 net/socket.c:2703\ndo_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0xfa/0x3b0 arch/\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40280" } ], "release_date": "2025-12-06T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40211", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nACPI: video: Fix use-after-free in acpi_video_switch_brightness()\nThe switch_brightness_work delayed work accesses device->brightness\nand device->backlight, freed by acpi_video_dev_unregister_backlight()\nduring device removal.\nIf the work executes after acpi_video_bus_unregister_backlight()\nfrees these resources, it causes a use-after-free when\nacpi_video_switch_brightness() dereferences device->brightness or\ndevice->backlight.\nFix this by calling cancel_delayed_work_sync() for each device's\nswitch_brightness_work in acpi_video_bus_remove_notify_handler()\nafter removing the notify handler that queues the work. This ensures\nthe work completes before the memory is freed.\n[ rjw: Changelog edit ]", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40211" } ], "release_date": "2025-11-21T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40253", "cwe": { "id": "CWE-1341", "name": "Multiple Releases of Same Resource or Handle" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ns390/ctcm: Fix double-kfree\nThe function 'mpc_rcvd_sweep_req(mpcginfo)' is called conditionally\nfrom function 'ctcmpc_unpack_skb'. It frees passed mpcginfo.\nAfter that a call to function 'kfree' in function 'ctcmpc_unpack_skb'\nfrees it again.\nRemove 'kfree' call in function 'mpc_rcvd_sweep_req(mpcginfo)'.\nBug detected by the clang static analyzer.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40253" } ], "release_date": "2025-12-04T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40254", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type ('Type Confusion')" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: openvswitch: remove never-working support for setting nsh fields\nThe validation of the set(nsh(...)) action is completely wrong.\nIt runs through the nsh_key_put_from_nlattr() function that is the\nsame function that validates NSH keys for the flow match and the\npush_nsh() action. However, the set(nsh(...)) has a very different\nmemory layout. Nested attributes in there are doubled in size in\ncase of the masked set(). That makes proper validation impossible.\nThere is also confusion in the code between the 'masked' flag, that\nsays that the nested attributes are doubled in size containing both\nthe value and the mask, and the 'is_mask' that says that the value\nwe're parsing is the mask. This is causing kernel crash on trying to\nwrite into mask part of the match with SW_FLOW_KEY_PUT() during\nvalidation, while validate_nsh() doesn't allocate any memory for it:\nBUG: kernel NULL pointer dereference, address: 0000000000000018\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 1c2383067 P4D 1c2383067 PUD 20b703067 PMD 0\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 8 UID: 0 Kdump: loaded Not tainted 6.17.0-rc4+ #107 PREEMPT(voluntary)\nRIP: 0010:nsh_key_put_from_nlattr+0x19d/0x610 [openvswitch]\nCall Trace:\n\nvalidate_nsh+0x60/0x90 [openvswitch]\nvalidate_set.constprop.0+0x270/0x3c0 [openvswitch]\n__ovs_nla_copy_actions+0x477/0x860 [openvswitch]\novs_nla_copy_actions+0x8d/0x100 [openvswitch]\novs_packet_cmd_execute+0x1cc/0x310 [openvswitch]\ngenl_family_rcv_msg_doit+0xdb/0x130\ngenl_family_rcv_msg+0x14b/0x220\ngenl_rcv_msg+0x47/0xa0\nnetlink_rcv_skb+0x53/0x100\ngenl_rcv+0x24/0x40\nnetlink_unicast+0x280/0x3b0\nnetlink_sendmsg+0x1f7/0x430\n____sys_sendmsg+0x36b/0x3a0\n___sys_sendmsg+0x87/0xd0\n__sys_sendmsg+0x6d/0xd0\ndo_syscall_64+0x7b/0x2c0\nentry_SYSCALL_64_after_hwframe+0x76/0x7e\nThe third issue with this process is that while trying to convert\nthe non-masked set into masked one, validate_set() copies and doubles\nthe size of the OVS_KEY_ATTR_NSH as if it didn't have any nested\nattributes. It should be copying each nested attribute and doubling\nthem in size independently. And the process must be properly reversed\nduring the conversion back from masked to a non-masked variant during\nthe flow dump.\nIn the end, the only two outcomes of trying to use this action are\neither validation failure or a kernel crash. And if somehow someone\nmanages to install a flow with such an action, it will most definitely\nnot do what it is supposed to, since all the keys and the masks are\nmixed up.\nFixing all the issues is a complex task as it requires re-writing\nmost of the validation code.\nGiven that and the fact that this functionality never worked since\nintroduction, let's just remove it altogether. It's better to\nre-introduce it later with a proper implementation instead of trying\nto fix it in stable releases.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40254" } ], "release_date": "2025-12-04T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40278", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak\n\nFix a KMSAN kernel-infoleak detected by the syzbot .\n\n[net?] KMSAN: kernel-infoleak in __skb_datagram_iter\n\nIn tcf_ife_dump(), the variable 'opt' was partially initialized using a\ndesignatied initializer. While the padding bytes are reamined\nuninitialized. nla_put() copies the entire structure into a\nnetlink message, these uninitialized bytes leaked to userspace.\n\nInitialize the structure with memset before assigning its fields\nto ensure all members and padding are cleared prior to beign copied.\n\nThis change silences the KMSAN report and prevents potential information\nleaks from the kernel memory.\n\nThis fix has been tested and validated by syzbot. This patch closes the\nbug reported at the following syzkaller link and ensures no infoleak.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40278" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2191662058443e0bcc28d11694293d8339af6dde", "url": "https://git.kernel.org/stable/c/2191662058443e0bcc28d11694293d8339af6dde" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/37f0680887c5aeba9a433fe04b35169010568bb1", "url": "https://git.kernel.org/stable/c/37f0680887c5aeba9a433fe04b35169010568bb1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5e3644ef147bf7140259dfa4cace680c9b26fe8b", "url": "https://git.kernel.org/stable/c/5e3644ef147bf7140259dfa4cace680c9b26fe8b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/918e063304f945fb93be9bb70cacea07d0b730ea", "url": "https://git.kernel.org/stable/c/918e063304f945fb93be9bb70cacea07d0b730ea" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a676a296af65d33725bdf7396803180957dbd92e", "url": "https://git.kernel.org/stable/c/a676a296af65d33725bdf7396803180957dbd92e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c8f51dad94cbb88054e2aacc272b3ce1ed11fb1e", "url": "https://git.kernel.org/stable/c/c8f51dad94cbb88054e2aacc272b3ce1ed11fb1e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ce50039be49eea9b4cd8873ca6eccded1b4a130a", "url": "https://git.kernel.org/stable/c/ce50039be49eea9b4cd8873ca6eccded1b4a130a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d1dbbbe839647486c9b893e5011fe84a052962df", "url": "https://git.kernel.org/stable/c/d1dbbbe839647486c9b893e5011fe84a052962df" } ], "release_date": "2025-12-06T22:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40281", "cwe": { "id": "CWE-1335", "name": "Incorrect Bitwise Shift of Integer" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nsctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto\nsyzbot reported a possible shift-out-of-bounds [1]\nBlamed commit added rto_alpha_max and rto_beta_max set to 1000.\nIt is unclear if some sctp users are setting very large rto_alpha\nand/or rto_beta.\nIn order to prevent user regression, perform the test at run time.\nAlso add READ_ONCE() annotations as sysctl values can change under us.\n[1]\nUBSAN: shift-out-of-bounds in net/sctp/transport.c:509:41\nshift exponent 64 is too large for 32-bit type 'unsigned int'\nCPU: 0 UID: 0 PID: 16704 Comm: syz.2.2320 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025\nCall Trace:\n\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120\nubsan_epilogue lib/ubsan.c:233 [inline]\n__ubsan_handle_shift_out_of_bounds+0x27f/0x420 lib/ubsan.c:494\nsctp_transport_update_rto.cold+0x1c/0x34b net/sctp/transport.c:509\nsctp_check_transmitted+0x11c4/0x1c30 net/sctp/outqueue.c:1502\nsctp_outq_sack+0x4ef/0x1b20 net/sctp/outqueue.c:1338\nsctp_cmd_process_sack net/sctp/sm_sideeffect.c:840 [inline]\nsctp_cmd_interpreter net/sctp/sm_sideeffect.c:1372 [inline]", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40281" } ], "release_date": "2025-12-06T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40282", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: 6lowpan: reset link-local header on ipv6 recv path\n\nBluetooth 6lowpan.c netdev has header_ops, so it must set link-local\nheader for RX skb, otherwise things crash, eg. with AF_PACKET SOCK_RAW\n\nAdd missing skb_reset_mac_header() for uncompressed ipv6 RX path.\n\nFor the compressed one, it is done in lowpan_header_decompress().\n\nLog: (BlueZ 6lowpan-tester Client Recv Raw - Success)\n------\nkernel BUG at net/core/skbuff.c:212!\nCall Trace:\n\n...\npacket_rcv (net/packet/af_packet.c:2152)\n...\n\n__local_bh_enable_ip (kernel/softirq.c:407)\nnetif_rx (net/core/dev.c:5648)\nchan_recv_cb (net/bluetooth/6lowpan.c:294 net/bluetooth/6lowpan.c:359)\n------", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40282" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/11cd7e068381666f842ad41d1cc58eecd0c75237", "url": "https://git.kernel.org/stable/c/11cd7e068381666f842ad41d1cc58eecd0c75237" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3b78f50918276ab28fb22eac9aa49401ac436a3b", "url": "https://git.kernel.org/stable/c/3b78f50918276ab28fb22eac9aa49401ac436a3b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4ebb90c3c309e6375dc3e841af92e2a039843e62", "url": "https://git.kernel.org/stable/c/4ebb90c3c309e6375dc3e841af92e2a039843e62" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/70d84e7c3a44b81020a3c3d650a64c63593405bd", "url": "https://git.kernel.org/stable/c/70d84e7c3a44b81020a3c3d650a64c63593405bd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/973e0271754c77db3e1b6b69adf2de85a79a4c8b", "url": "https://git.kernel.org/stable/c/973e0271754c77db3e1b6b69adf2de85a79a4c8b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c24ac6cfe4f9a47180a65592c47e7a310d2f9d93", "url": "https://git.kernel.org/stable/c/c24ac6cfe4f9a47180a65592c47e7a310d2f9d93" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d566e9a2bfc848941b091ffd5f4e12c4e889d818", "url": "https://git.kernel.org/stable/c/d566e9a2bfc848941b091ffd5f4e12c4e889d818" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ea46a1d217bc82e01cf3d0424e50ebfe251e34bf", "url": "https://git.kernel.org/stable/c/ea46a1d217bc82e01cf3d0424e50ebfe251e34bf" } ], "release_date": "2025-12-06T22:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40309", "cwe": { "id": "CWE-825", "name": "Expired Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nBluetooth: SCO: Fix UAF on sco_conn_free\nBUG: KASAN: slab-use-after-free in sco_conn_free net/bluetooth/sco.c:87 [inline]\nBUG: KASAN: slab-use-after-free in kref_put include/linux/kref.h:65 [inline]\nBUG: KASAN: slab-use-after-free in sco_conn_put+0xdd/0x410\nnet/bluetooth/sco.c:107\nWrite of size 8 at addr ffff88811cb96b50 by task kworker/u17:4/352\nCPU: 1 UID: 0 PID: 352 Comm: kworker/u17:4 Not tainted\n6.17.0-rc5-g717368f83676 #4 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: hci13 hci_cmd_sync_work\nCall Trace:\n\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x10b/0x170 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:378 [inline]\nprint_report+0x191/0x550 mm/kasan/report.c:482\nkasan_report+0xc4/0x100 mm/kasan/report.c:595\nsco_conn_free net/bluetooth/sco.c:87 [inline]\nkref_put include/linux/kref.h:65 [inline]\nsco_conn_put+0xdd/0x410 net/bluetooth/sco.c:107\nsco_connect_cfm+0xb4/0xae0 net/bluetooth/sco.c:1441\nhci_connect_cfm include/net/bluetooth/hci_core.h:2082 [inline]\nhci_conn_failed+0x20a/0x2e0 net/bluetooth/hci_conn.c:1313\nhci_conn_unlink+0x55f/0x810 net/bluetooth/hci_conn.c:1121\nhci_conn_del+0xb6/0x1110 net/bluetooth/hci_conn.c:1147\nhci_abort_conn_sync+0x8c5/0xbb0 net/bluetooth/hci_sync.c:5689\nhci_cmd_sync_work+0x281/0x380 net/bluetooth/hci_sync.c:332\nprocess_one_work kernel/workqueue.c:3236 [inline]\nprocess_scheduled_works+0x77e/0x1040 kernel/workqueue.c:3319\nworker_thread+0xbee/0x1200 kernel/workqueue.c:3400\nkthread+0x3c7/0x870 kernel/kthread.c:463\nret_from_fork+0x13a/0x1e0 arch/x86/kernel/process.c:148\nret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245\n\nAllocated by task 31370:\nkasan_save_stack mm/kasan/common.c:47 [inline]\nkasan_save_track+0x30/0x70 mm/kasan/common.c:68\npoison_kmalloc_redzone mm/kasan/common.c:388 [inline]\n__kasan_kmalloc+0x82/0x90 mm/kasan/common.c:405\nkasan_kmalloc include/linux/kasan.h:260 [inline]\n__do_kmalloc_node mm/slub.c:4382 [inline]\n__kmalloc_noprof+0x22f/0x390 mm/slub.c:4394\nkmalloc_noprof include/linux/slab.h:909 [inline]\nsk_prot_alloc+0xae/0x220 net/core/sock.c:2239\nsk_alloc+0x34/0x5a0 net/core/sock.c:2295\nbt_sock_alloc+0x3c/0x330 net/bluetooth/af_bluetooth.c:151\nsco_sock_alloc net/bluetooth/sco.c:562 [inline]\nsco_sock_create+0xc0/0x350 net/bluetooth/sco.c:593\nbt_sock_create+0x161/0x3b0 net/bluetooth/af_bluetooth.c:135\n__sock_create+0x3ad/0x780 net/socket.c:1589\nsock_create net/socket.c:1647 [inline]\n__sys_socket_create net/socket.c:1684 [inline]\n__sys_socket+0xd5/0x330 net/socket.c:1731\n__do_sys_socket net/socket.c:1745 [inline]\n__se_sys_socket net/socket.c:1743 [inline]\n__x64_sys_socket+0x7a/0x90 net/socket.c:1743\ndo_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0xc7/0x240 arch/x86/entry/syscall_64.c:94\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nFreed by task 31374:\nkasan_save_stack mm/kasan/common.c:47 [inline]\nkasan_save_track+0x30/0x70 mm/kasan/common.c:68\nkasan_save_free_info+0x40/0x50 mm/kasan/generic.c:576\npoison_slab_object mm/kasan/common.c:243 [inline]\n__kasan_slab_free+0x3d/0x50 mm/kasan/common.c:275\nkasan_slab_free include/linux/kasan.h:233 [inline]\nslab_free_hook mm/slub.c:2428 [inline]\nslab_free mm/slub.c:4701 [inline]\nkfree+0x199/0x3b0 mm/slub.c:4900\nsk_prot_free net/core/sock.c:2278 [inline]\n__sk_destruct+0x4aa/0x630 net/core/sock.c:2373\nsco_sock_release+0x2ad/0x300 net/bluetooth/sco.c:1333\n__sock_release net/socket.c:649 [inline]\nsock_close+0xb8/0x230 net/socket.c:1439\n__fput+0x3d1/0x9e0 fs/file_table.c:468\ntask_work_run+0x206/0x2a0 kernel/task_work.c:227\nget_signal+0x1201/0x1410 kernel/signal.c:2807\narch_do_signal_or_restart+0x34/0x740 arch/x86/kernel/signal.c:337\nexit_to_user_mode_loop+0x68/0xc0 kernel/entry/common.c:40\nexit_to_user_mode_prepare include/linux/irq-entry-common.h:225 [inline]\ns\n---truncated---", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40309" } ], "release_date": "2025-12-08T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40312", "cwe": { "id": "CWE-1287", "name": "Improper Validation of Specified Type of Input" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\njfs: Verify inode mode when loading from disk\nThe inode mode loaded from corrupted disk can be invalid. Do like what\ncommit 0a9e74051313 (\"isofs: Verify inode mode when loading from disk\")\ndoes.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40312" } ], "release_date": "2025-12-08T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40315", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_fs: Fix epfile null pointer access after ep enable.\n\nA race condition occurs when ffs_func_eps_enable() runs concurrently\nwith ffs_data_reset(). The ffs_data_clear() called in ffs_data_reset()\nsets ffs->epfiles to NULL before resetting ffs->eps_count to 0, leading\nto a NULL pointer dereference when accessing epfile->ep in\nffs_func_eps_enable() after successful usb_ep_enable().\n\nThe ffs->epfiles pointer is set to NULL in both ffs_data_clear() and\nffs_data_close() functions, and its modification is protected by the\nspinlock ffs->eps_lock. And the whole ffs_func_eps_enable() function\nis also protected by ffs->eps_lock.\n\nThus, add NULL pointer handling for ffs->epfiles in the\nffs_func_eps_enable() function to fix issues", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40315" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1c0dbd240be3f87cac321b14e17979b7e9cb6a8f", "url": "https://git.kernel.org/stable/c/1c0dbd240be3f87cac321b14e17979b7e9cb6a8f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/30880e9df27332403dd638a82c27921134b3630b", "url": "https://git.kernel.org/stable/c/30880e9df27332403dd638a82c27921134b3630b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9ec40fba7357df2d36f4c2e2f3b9b1a4fba0a272", "url": "https://git.kernel.org/stable/c/9ec40fba7357df2d36f4c2e2f3b9b1a4fba0a272" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b00d2572c16e8e59e979960d3383c2ae9cebd195", "url": "https://git.kernel.org/stable/c/b00d2572c16e8e59e979960d3383c2ae9cebd195" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c53e90563bc148e4e0ad09fe130ba2246d426ea6", "url": "https://git.kernel.org/stable/c/c53e90563bc148e4e0ad09fe130ba2246d426ea6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cfd6f1a7b42f62523c96d9703ef32b0dbc495ba4", "url": "https://git.kernel.org/stable/c/cfd6f1a7b42f62523c96d9703ef32b0dbc495ba4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d62b808d5c68a931ad0849a00a5e3be3dd7e0019", "url": "https://git.kernel.org/stable/c/d62b808d5c68a931ad0849a00a5e3be3dd7e0019" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fc1141a530dfc91f0ee19b7f422a2d24829584bc", "url": "https://git.kernel.org/stable/c/fc1141a530dfc91f0ee19b7f422a2d24829584bc" } ], "release_date": "2025-12-08T01:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-40317", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: slimbus: fix bus_context pointer in regmap init calls\n\nCommit 4e65bda8273c (\"ASoC: wcd934x: fix error handling in\nwcd934x_codec_parse_data()\") revealed the problem in the slimbus regmap.\nThat commit breaks audio playback, for instance, on sdm845 Thundercomm\nDragonboard 845c board:\n\n Unable to handle kernel paging request at virtual address ffff8000847cbad4\n ...\n CPU: 5 UID: 0 PID: 776 Comm: aplay Not tainted 6.18.0-rc1-00028-g7ea30958b305 #11 PREEMPT\n Hardware name: Thundercomm Dragonboard 845c (DT)\n ...\n Call trace:\n slim_xfer_msg+0x24/0x1ac [slimbus] (P)\n slim_read+0x48/0x74 [slimbus]\n regmap_slimbus_read+0x18/0x24 [regmap_slimbus]\n _regmap_raw_read+0xe8/0x174\n _regmap_bus_read+0x44/0x80\n _regmap_read+0x60/0xd8\n _regmap_update_bits+0xf4/0x140\n _regmap_select_page+0xa8/0x124\n _regmap_raw_write_impl+0x3b8/0x65c\n _regmap_bus_raw_write+0x60/0x80\n _regmap_write+0x58/0xc0\n regmap_write+0x4c/0x80\n wcd934x_hw_params+0x494/0x8b8 [snd_soc_wcd934x]\n snd_soc_dai_hw_params+0x3c/0x7c [snd_soc_core]\n __soc_pcm_hw_params+0x22c/0x634 [snd_soc_core]\n dpcm_be_dai_hw_params+0x1d4/0x38c [snd_soc_core]\n dpcm_fe_dai_hw_params+0x9c/0x17c [snd_soc_core]\n snd_pcm_hw_params+0x124/0x464 [snd_pcm]\n snd_pcm_common_ioctl+0x110c/0x1820 [snd_pcm]\n snd_pcm_ioctl+0x34/0x4c [snd_pcm]\n __arm64_sys_ioctl+0xac/0x104\n invoke_syscall+0x48/0x104\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xec\n el0t_64_sync_handler+0xa0/0xf0\n el0t_64_sync+0x198/0x19c\n\nThe __devm_regmap_init_slimbus() started to be used instead of\n__regmap_init_slimbus() after the commit mentioned above and turns out\nthe incorrect bus_context pointer (3rd argument) was used in\n__devm_regmap_init_slimbus(). It should be just \"slimbus\" (which is equal\nto &slimbus->dev). Correct it. The wcd934x codec seems to be the only or\nthe first user of devm_regmap_init_slimbus() but we should fix it till\nthe point where __devm_regmap_init_slimbus() was introduced therefore\ntwo \"Fixes\" tags.\n\nWhile at this, also correct the same argument in __regmap_init_slimbus().", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40317" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/02d3041caaa3fe4dd69e5a8afd1ac6b918ddc6a1", "url": "https://git.kernel.org/stable/c/02d3041caaa3fe4dd69e5a8afd1ac6b918ddc6a1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2664bfd8969d1c43dcbe3ea313f130dfa6b74f4c", "url": "https://git.kernel.org/stable/c/2664bfd8969d1c43dcbe3ea313f130dfa6b74f4c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/434f7349a1f00618a620b316f091bd13a12bc8d2", "url": "https://git.kernel.org/stable/c/434f7349a1f00618a620b316f091bd13a12bc8d2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8143e4075d131c528540417a51966f6697be14eb", "url": "https://git.kernel.org/stable/c/8143e4075d131c528540417a51966f6697be14eb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a16e92f8d7dc7371e68f17a9926cb92d2244be7b", "url": "https://git.kernel.org/stable/c/a16e92f8d7dc7371e68f17a9926cb92d2244be7b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b65f3303349eaee333e47d2a99045aa12fa0c3a7", "url": "https://git.kernel.org/stable/c/b65f3303349eaee333e47d2a99045aa12fa0c3a7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c0f05129e5734ff3fd14b2c242709314d9ca5433", "url": "https://git.kernel.org/stable/c/c0f05129e5734ff3fd14b2c242709314d9ca5433" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d979639f099c6e51f06ce4dd8d8e56364d6c17ba", "url": "https://git.kernel.org/stable/c/d979639f099c6e51f06ce4dd8d8e56364d6c17ba" } ], "release_date": "2025-12-08T01:16:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-68177", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq/longhaul: handle NULL policy in longhaul_exit\n\nlonghaul_exit() was calling cpufreq_cpu_get(0) without checking\nfor a NULL policy pointer. On some systems, this could lead to a\nNULL dereference and a kernel warning or panic.\n\nThis patch adds a check using unlikely() and returns early if the\npolicy is NULL.\n\nBugzilla: #219962", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68177" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/55cf586b9556863e3c2a45460aba71bcb2be5bcd", "url": "https://git.kernel.org/stable/c/55cf586b9556863e3c2a45460aba71bcb2be5bcd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/592532a77b736b5153e0c2e4c74aa50af0a352ab", "url": "https://git.kernel.org/stable/c/592532a77b736b5153e0c2e4c74aa50af0a352ab" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/64adabb6d9d51b7e7c02fe733346a2c4dd738488", "url": "https://git.kernel.org/stable/c/64adabb6d9d51b7e7c02fe733346a2c4dd738488" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/809cf2a7794ca4c14c304b349f4c3ae220701ce4", "url": "https://git.kernel.org/stable/c/809cf2a7794ca4c14c304b349f4c3ae220701ce4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8d6791c480f22d6e9a566eaa77336d3d37c5c591", "url": "https://git.kernel.org/stable/c/8d6791c480f22d6e9a566eaa77336d3d37c5c591" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/956b56d17a89775e4957bbddefa45cd3c6c71000", "url": "https://git.kernel.org/stable/c/956b56d17a89775e4957bbddefa45cd3c6c71000" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b02352dd2e6cca98777714cc2a27553191df70db", "url": "https://git.kernel.org/stable/c/b02352dd2e6cca98777714cc2a27553191df70db" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fd93e1d71b3b14443092919be12b1abf08de35eb", "url": "https://git.kernel.org/stable/c/fd93e1d71b3b14443092919be12b1abf08de35eb" } ], "release_date": "2025-12-16T14:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-68185", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing\nTheoretically it's an oopsable race, but I don't believe one can manage\nto hit it on real hardware; might become doable on a KVM, but it still\nwon't be easy to attack.\nAnyway, it's easy to deal with - since xdr_encode_hyper() is just a call of\nput_unaligned_be64(), we can put that under ->d_lock and be done with that.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68185" } ], "release_date": "2025-12-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-68192", "cwe": { "id": "CWE-824", "name": "Access of Uninitialized Pointer" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup\nRaw IP packets have no MAC header, leaving skb->mac_header uninitialized.\nThis can trigger kernel panics on ARM64 when xfrm or other subsystems\naccess the offset due to strict alignment checks.\nInitialize the MAC header to prevent such crashes.\nThis can trigger kernel panics on ARM when running IPsec over the\nqmimux0 interface.\nExample trace:\nInternal error: Oops: 000000009600004f [#1] SMP\nCPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.34-gbe78e49cb433 #1\nHardware name: LS1028A RDB Board (DT)\npstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : xfrm_input+0xde8/0x1318\nlr : xfrm_input+0x61c/0x1318\nsp : ffff800080003b20\nCall trace:\nxfrm_input+0xde8/0x1318\nxfrm6_rcv+0x38/0x44\nxfrm6_esp_rcv+0x48/0xa8\nip6_protocol_deliver_rcu+0x94/0x4b0\nip6_input_finish+0x44/0x70\nip6_input+0x44/0xc0\nipv6_rcv+0x6c/0x114\n__netif_receive_skb_one_core+0x5c/0x8c\n__netif_receive_skb+0x18/0x60\nprocess_backlog+0x78/0x17c\n__napi_poll+0x38/0x180\nnet_rx_action+0x168/0x2f0", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68192" } ], "release_date": "2025-12-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40040", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nmm/ksm: fix flag-dropping behavior in ksm_madvise\nsyzkaller discovered the following crash: (kernel BUG)\n[ 44.607039] ------------[ cut here ]------------\n[ 44.607422] kernel BUG at mm/userfaultfd.c:2067!\n[ 44.608148] Oops: invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN NOPTI\n[ 44.608814] CPU: 1 UID: 0 PID: 2475 Comm: reproducer Not tainted 6.16.0-rc6 #1 PREEMPT(none)\n[ 44.609635] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\n[ 44.610695] RIP: 0010:userfaultfd_release_all+0x3a8/0x460\n\n[ 44.617726] Call Trace:\n[ 44.617926] \n[ 44.619284] userfaultfd_release+0xef/0x1b0\n[ 44.620976] __fput+0x3f9/0xb60\n[ 44.621240] fput_close_sync+0x110/0x210\n[ 44.622222] __x64_sys_close+0x8f/0x120\n[ 44.622530] do_syscall_64+0x5b/0x2f0\n[ 44.622840] entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[ 44.623244] RIP: 0033:0x7f365bb3f227\nKernel panics because it detects UFFD inconsistency during\nuserfaultfd_release_all(). Specifically, a VMA which has a valid pointer\nto vma->vm_userfaultfd_ctx, but no UFFD flags in vma->vm_flags.\nThe inconsistency is caused in ksm_madvise(): when user calls madvise()\nwith MADV_UNMEARGEABLE on a VMA that is registered for UFFD in MINOR mode,\nit accidentally clears all flags stored in the upper 32 bits of\nvma->vm_flags.\nAssuming x86_64 kernel build, unsigned long is 64-bit and unsigned int and\nint are 32-bit wide. This setup causes the following mishap during the &=\n~VM_MERGEABLE assignment.\nVM_MERGEABLE is a 32-bit constant of type unsigned int, 0x8000'0000. \nAfter ~ is applied, it becomes 0x7fff'ffff unsigned int, which is then\npromoted to unsigned long before the & operation. This promotion fills\nupper 32 bits with leading 0s, as we're doing unsigned conversion (and\neven for a signed conversion, this wouldn't help as the leading bit is 0).\n& operation thus ends up AND-ing vm_flags with 0x0000'0000'7fff'ffff\ninstead of intended 0xffff'ffff'7fff'ffff and hence accidentally clears\nthe upper 32-bits of its value.\nFix it by changing `VM_MERGEABLE` constant to unsigned long, using the\nBIT() macro.\nNote: other VM_* flags are not affected: This only happens to the\nVM_MERGEABLE flag, as the other VM_* flags are all constants of type int\nand after ~ operation, they end up with leading 1 and are thus converted\nto unsigned long with leading 1s.\nNote 2:\nAfter commit 31defc3b01d9 (\"userfaultfd: remove (VM_)BUG_ON()s\"), this is\nno longer a kernel BUG, but a WARNING at the same place:\n[ 45.595973] WARNING: CPU: 1 PID: 2474 at mm/userfaultfd.c:2067\nbut the root-cause (flag-drop) remains the same.\n[akpm@linux-foundation.org: rust bindgen wasn't able to handle BIT(), from Miguel]", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40040" } ], "release_date": "2025-10-28T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40083", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet/sched: sch_qfq: Fix null-deref in agg_dequeue\nTo prevent a potential crash in agg_dequeue (net/sched/sch_qfq.c)\nwhen cl->qdisc->ops->peek(cl->qdisc) returns NULL, we check the return\nvalue before using it, similar to the existing approach in sch_hfsc.c.\nTo avoid code duplication, the following changes are made:\n1. Changed qdisc_warn_nonwc(include/net/pkt_sched.h) into a static\ninline function.\n2. Moved qdisc_peek_len from net/sched/sch_hfsc.c to\ninclude/net/pkt_sched.h so that sch_qfq can reuse it.\n3. Applied qdisc_peek_len in agg_dequeue to avoid crashing.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40083" } ], "release_date": "2025-10-29T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-39964", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Disallow concurrent writes in af_alg_sendmsg\n\nIssuing two writes to the same af_alg socket is bogus as the\ndata will be interleaved in an unpredictable fashion. Furthermore,\nconcurrent writes may create inconsistencies in the internal\nsocket state.\n\nDisallow this by adding a new ctx->write field that indiciates\nexclusive ownership for writing.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39964" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0f28c4adbc4a97437874c9b669fd7958a8c6d6ce", "url": "https://git.kernel.org/stable/c/0f28c4adbc4a97437874c9b669fd7958a8c6d6ce" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1b34cbbf4f011a121ef7b2d7d6e6920a036d5285", "url": "https://git.kernel.org/stable/c/1b34cbbf4f011a121ef7b2d7d6e6920a036d5285" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1f323a48e9b5ebfe6dc7d130fdf5c3c0e92a07c8", "url": "https://git.kernel.org/stable/c/1f323a48e9b5ebfe6dc7d130fdf5c3c0e92a07c8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/45bcf60fe49b37daab1acee57b27211ad1574042", "url": "https://git.kernel.org/stable/c/45bcf60fe49b37daab1acee57b27211ad1574042" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7c4491b5644e3a3708f3dbd7591be0a570135b84", "url": "https://git.kernel.org/stable/c/7c4491b5644e3a3708f3dbd7591be0a570135b84" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9aee87da5572b3a14075f501752e209801160d3d", "url": "https://git.kernel.org/stable/c/9aee87da5572b3a14075f501752e209801160d3d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e4c1ec11132ec466f7362a95f36a506ce4dc08c9", "url": "https://git.kernel.org/stable/c/e4c1ec11132ec466f7362a95f36a506ce4dc08c9" } ], "release_date": "2025-10-13T14:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2025-68220", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error\n\nMake knav_dma_open_channel consistently return NULL on error instead\nof ERR_PTR. Currently the header include/linux/soc/ti/knav_dma.h\nreturns NULL when the driver is disabled, but the driver\nimplementation does not even return NULL or ERR_PTR on failure,\ncausing inconsistency in the users. This results in a crash in\nnetcp_free_navigator_resources as followed (trimmed):\n\nUnhandled fault: alignment exception (0x221) at 0xfffffff2\n[fffffff2] *pgd=80000800207003, *pmd=82ffda003, *pte=00000000\nInternal error: : 221 [#1] SMP ARM\nModules linked in:\nCPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.17.0-rc7 #1 NONE\nHardware name: Keystone\nPC is at knav_dma_close_channel+0x30/0x19c\nLR is at netcp_free_navigator_resources+0x2c/0x28c\n\n[... TRIM...]\n\nCall trace:\n knav_dma_close_channel from netcp_free_navigator_resources+0x2c/0x28c\n netcp_free_navigator_resources from netcp_ndo_open+0x430/0x46c\n netcp_ndo_open from __dev_open+0x114/0x29c\n __dev_open from __dev_change_flags+0x190/0x208\n __dev_change_flags from netif_change_flags+0x1c/0x58\n netif_change_flags from dev_change_flags+0x38/0xa0\n dev_change_flags from ip_auto_config+0x2c4/0x11f0\n ip_auto_config from do_one_initcall+0x58/0x200\n do_one_initcall from kernel_init_freeable+0x1cc/0x238\n kernel_init_freeable from kernel_init+0x1c/0x12c\n kernel_init from ret_from_fork+0x14/0x38\n[... TRIM...]\n\nStandardize the error handling by making the function return NULL on\nall error conditions. The API is used in just the netcp_core.c so the\nimpact is limited.\n\nNote, this change, in effect reverts commit 5b6cb43b4d62 (\"net:\nethernet: ti: netcp_core: return error while dma channel open issue\"),\nbut provides a less error prone implementation.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68220" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2572c358ee434ce4b994472cceeb4043cbff5bc5", "url": "https://git.kernel.org/stable/c/2572c358ee434ce4b994472cceeb4043cbff5bc5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3afeb909c3e2e0eb19b1e20506196e5f2d9c2259", "url": "https://git.kernel.org/stable/c/3afeb909c3e2e0eb19b1e20506196e5f2d9c2259" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8427218ecbd7f8559c37972e66cb0fa06e82353b", "url": "https://git.kernel.org/stable/c/8427218ecbd7f8559c37972e66cb0fa06e82353b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/90a88306eb874fe4bbdd860e6c9787f5bbc588b5", "url": "https://git.kernel.org/stable/c/90a88306eb874fe4bbdd860e6c9787f5bbc588b5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/952637c5b9be64539cd0e13ef88db71a1df46373", "url": "https://git.kernel.org/stable/c/952637c5b9be64539cd0e13ef88db71a1df46373" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/af6b10a13fc0aee37df4a8292414cc055c263fa3", "url": "https://git.kernel.org/stable/c/af6b10a13fc0aee37df4a8292414cc055c263fa3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f9608637ecc165d7d6341df105aee44691461fb9", "url": "https://git.kernel.org/stable/c/f9608637ecc165d7d6341df105aee44691461fb9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fbb53727ca789a8d27052aab4b77ca9e2a0fae2b", "url": "https://git.kernel.org/stable/c/fbb53727ca789a8d27052aab4b77ca9e2a0fae2b" } ], "release_date": "2025-12-16T14:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-68229", "cwe": { "id": "CWE-252", "name": "Unchecked Return Value" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nscsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show()\nIf the allocation of tl_hba->sh fails in tcm_loop_driver_probe() and we\nattempt to dereference it in tcm_loop_tpg_address_show() we will get a\nsegfault, see below for an example. So, check tl_hba->sh before\ndereferencing it.\nUnable to allocate struct scsi_host\nBUG: kernel NULL pointer dereference, address: 0000000000000194\n#PF: supervisor read access in kernel mode\n#PF: error_code(0x0000) - not-present page\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 1 PID: 8356 Comm: tokio-runtime-w Not tainted 6.6.104.2-4.azl3 #1\nHardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 09/28/2024\nRIP: 0010:tcm_loop_tpg_address_show+0x2e/0x50 [tcm_loop]\n...\nCall Trace:\n\nconfigfs_read_iter+0x12d/0x1d0 [configfs]\nvfs_read+0x1b5/0x300\nksys_read+0x6f/0xf0\n...", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68229" } ], "release_date": "2025-12-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-68241", "cwe": { "id": "CWE-367", "name": "Time-of-check Time-of-use (TOCTOU) Race Condition" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe\nThe sit driver's packet transmission path calls: sit_tunnel_xmit() ->\nupdate_or_create_fnhe(), which lead to fnhe_remove_oldest() being called\nto delete entries exceeding FNHE_RECLAIM_DEPTH+random.\nThe race window is between fnhe_remove_oldest() selecting fnheX for\ndeletion and the subsequent kfree_rcu(). During this time, the\nconcurrent path's __mkroute_output() -> find_exception() can fetch the\nsoon-to-be-deleted fnheX, and rt_bind_exception() then binds it with a\nnew dst using a dst_hold(). When the original fnheX is freed via RCU,\nthe dst reference remains permanently leaked.\nCPU 0 CPU 1\n__mkroute_output()\nfind_exception() [fnheX]\nupdate_or_create_fnhe()\nfnhe_remove_oldest() [fnheX]\nrt_bind_exception() [bind dst]\nRCU callback [fnheX freed, dst leak]\nThis issue manifests as a device reference count leak and a warning in\ndmesg when unregistering the net device:\nunregister_netdevice: waiting for sitX to become free. Usage count = N\nIdo Schimmel provided the simple test validation method [1].\nThe fix clears 'oldest->fnhe_daddr' before calling fnhe_flush_routes().\nSince rt_bind_exception() checks this field, setting it to zero prevents\nthe stale fnhe from being reused and bound to a new dst just before it\nis freed.\n[1]\nip netns add ns1\nip -n ns1 link set dev lo up\nip -n ns1 address add 192.0.2.1/32 dev lo\nip -n ns1 link add name dummy1 up type dummy\nip -n ns1 route add 192.0.2.2/32 dev dummy1\nip -n ns1 link add name gretap1 up arp off type gretap \\\nlocal 192.0.2.1 remote 192.0.2.2\nip -n ns1 route add 198.51.0.0/16 dev gretap1\ntaskset -c 0 ip netns exec ns1 mausezahn gretap1 \\\n-A 198.51.100.1 -B 198.51.0.0/16 -t udp -p 1000 -c 0 -q &\ntaskset -c 2 ip netns exec ns1 mausezahn gretap1 \\\n-A 198.51.100.1 -B 198.51.0.0/16 -t udp -p 1000 -c 0 -q &\nsleep 10\nip netns pids ns1 | xargs kill\nip netns del ns1", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68241" } ], "release_date": "2025-12-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-40363", "cwe": { "id": "CWE-131", "name": "Incorrect Calculation of Buffer Size" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: ipv6: fix field-spanning memcpy warning in AH output\nFix field-spanning memcpy warnings in ah6_output() and\nah6_output_done() where extension headers are copied to/from IPv6\naddress fields, triggering fortify-string warnings about writes beyond\nthe 16-byte address fields.\nmemcpy: detected field-spanning write (size 40) of single field \"&top_iph->saddr\" at net/ipv6/ah6.c:439 (size 16)\nWARNING: CPU: 0 PID: 8838 at net/ipv6/ah6.c:439 ah6_output+0xe7e/0x14e0 net/ipv6/ah6.c:439\nThe warnings are false positives as the extension headers are\nintentionally placed after the IPv6 header in memory. Fix by properly\ncopying addresses and extension headers separately, and introduce\nhelper functions to avoid code duplication.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-40363" } ], "release_date": "2025-12-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-68168", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\njfs: fix uninitialized waitqueue in transaction manager\nThe transaction manager initialization in txInit() was not properly\ninitializing TxBlock[0].waitor waitqueue, causing a crash when\ntxEnd(0) is called on read-only filesystems.\nWhen a filesystem is mounted read-only, txBegin() returns tid=0 to\nindicate no transaction. However, txEnd(0) still gets called and\ntries to access TxBlock[0].waitor via tid_to_tblock(0), but this\nwaitqueue was never initialized because the initialization loop\nstarted at index 1 instead of 0.\nThis causes a 'non-static key' lockdep warning and system crash:\nINFO: trying to register non-static key in txEnd\nFix by ensuring all transaction blocks including TxBlock[0] have\ntheir waitqueues properly initialized during txInit().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68168" } ], "release_date": "2025-12-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-68194", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nmedia: imon: make send_packet() more robust\nsyzbot is reporting that imon has three problems which result in\nhung tasks due to forever holding device lock [1].\nFirst problem is that when usb_rx_callback_intf0() once got -EPROTO error\nafter ictx->dev_present_intf0 became true, usb_rx_callback_intf0()\nresubmits urb after printk(), and resubmitted urb causes\nusb_rx_callback_intf0() to again get -EPROTO error. This results in\nprintk() flooding (RCU stalls).\nAlan Stern commented [2] that\nIn theory it's okay to resubmit _if_ the driver has a robust\nerror-recovery scheme (such as giving up after some fixed limit on the\nnumber of errors or after some fixed time has elapsed, perhaps with a\ntime delay to prevent a flood of errors). Most drivers don't bother to\ndo this; they simply give up right away. This makes them more\nvulnerable to short-term noise interference during USB transfers, but in\nreality such interference is quite rare. There's nothing really wrong\nwith giving up right away.\nbut imon has a poor error-recovery scheme which just retries forever;\nthis behavior should be fixed.\nSince I'm not sure whether it is safe for imon users to give up upon any\nerror code, this patch takes care of only union of error codes chosen from\nmodules in drivers/media/rc/ directory which handle -EPROTO error (i.e.\nir_toy, mceusb and igorplugusb).\nSecond problem is that when usb_rx_callback_intf0() once got -EPROTO error\nbefore ictx->dev_present_intf0 becomes true, usb_rx_callback_intf0() always\nresubmits urb due to commit 8791d63af0cf (\"[media] imon: don't wedge\nhardware after early callbacks\"). Move the ictx->dev_present_intf0 test\nintroduced by commit 6f6b90c9231a (\"[media] imon: don't parse scancodes\nuntil intf configured\") to immediately before imon_incoming_packet(), or\nthe first problem explained above happens without printk() flooding (i.e.\nhung task).\nThird problem is that when usb_rx_callback_intf0() is not called for some\nreason (e.g. flaky hardware; the reproducer for this problem sometimes\nprevents usb_rx_callback_intf0() from being called),\nwait_for_completion_interruptible() in send_packet() never returns (i.e.\nhung task). As a workaround for such situation, change send_packet() to\nwait for completion with timeout of 10 seconds.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68194" } ], "release_date": "2025-12-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-68204", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\npmdomain: arm: scmi: Fix genpd leak on provider registration failure\nIf of_genpd_add_provider_onecell() fails during probe, the previously\ncreated generic power domains are not removed, leading to a memory leak\nand potential kernel crash later in genpd_debug_add().\nAdd proper error handling to unwind the initialized domains before\nreturning from probe to ensure all resources are correctly released on\nfailure.\nExample crash trace observed without this fix:\n| Unable to handle kernel paging request at virtual address fffffffffffffc70\n| CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.18.0-rc1 #405 PREEMPT\n| Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno Development Platform\n| pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n| pc : genpd_debug_add+0x2c/0x160\n| lr : genpd_debug_init+0x74/0x98\n| Call trace:\n| genpd_debug_add+0x2c/0x160 (P)\n| genpd_debug_init+0x74/0x98\n| do_one_initcall+0xd0/0x2d8\n| do_initcall_level+0xa0/0x140\n| do_initcalls+0x60/0xa8\n| do_basic_setup+0x28/0x40\n| kernel_init_freeable+0xe8/0x170\n| kernel_init+0x2c/0x140\n| ret_from_fork+0x10/0x20", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68204" } ], "release_date": "2025-12-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-68217", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nInput: pegasus-notetaker - fix potential out-of-bounds access\n\nIn the pegasus_notetaker driver, the pegasus_probe() function allocates\nthe URB transfer buffer using the wMaxPacketSize value from\nthe endpoint descriptor. An attacker can use a malicious USB descriptor\nto force the allocation of a very small buffer.\n\nSubsequently, if the device sends an interrupt packet with a specific\npattern (e.g., where the first byte is 0x80 or 0x42),\nthe pegasus_parse_packet() function parses the packet without checking\nthe allocated buffer size. This leads to an out-of-bounds memory access.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68217" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/015b719962696b793997e8deefac019f816aca77", "url": "https://git.kernel.org/stable/c/015b719962696b793997e8deefac019f816aca77" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/084264e10e2ae8938a54355123ad977eb9df56d6", "url": "https://git.kernel.org/stable/c/084264e10e2ae8938a54355123ad977eb9df56d6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/36bc92b838ff72f62f2c17751a9013b29ead2513", "url": "https://git.kernel.org/stable/c/36bc92b838ff72f62f2c17751a9013b29ead2513" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/69aeb507312306f73495598a055293fa749d454e", "url": "https://git.kernel.org/stable/c/69aeb507312306f73495598a055293fa749d454e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/763c3f4d2394a697d14af1335d3bb42f05c9409f", "url": "https://git.kernel.org/stable/c/763c3f4d2394a697d14af1335d3bb42f05c9409f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9ab67eff6d654e34ba6da07c64761aa87c2a3c26", "url": "https://git.kernel.org/stable/c/9ab67eff6d654e34ba6da07c64761aa87c2a3c26" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c4e746651bd74c38f581e1cf31651119a94de8cd", "url": "https://git.kernel.org/stable/c/c4e746651bd74c38f581e1cf31651119a94de8cd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d344ea1baf1946c90f0cd6f9daeb5f3e0a0ca479", "url": "https://git.kernel.org/stable/c/d344ea1baf1946c90f0cd6f9daeb5f3e0a0ca479" } ], "release_date": "2025-12-16T14:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-68312", "cwe": { "id": "CWE-763", "name": "Release of Invalid Pointer or Reference" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nusbnet: Prevents free active kevent\nThe root cause of this issue are:\n1. When probing the usbnet device, executing usbnet_link_change(dev, 0, 0);\nput the kevent work in global workqueue. However, the kevent has not yet\nbeen scheduled when the usbnet device is unregistered. Therefore, executing\nfree_netdev() results in the \"free active object (kevent)\" error reported\nhere.\n2. Another factor is that when calling usbnet_disconnect()->unregister_netdev(),\nif the usbnet device is up, ndo_stop() is executed to cancel the kevent.\nHowever, because the device is not up, ndo_stop() is not executed.\nThe solution to this problem is to cancel the kevent before executing\nfree_netdev().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68312" } ], "release_date": "2025-12-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-68734", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nisdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()\nIn hfcsusb_probe(), the memory allocated for ctrl_urb gets leaked when\nsetup_instance() fails with an error code. Fix that by freeing the urb\nbefore freeing the hw structure. Also change the error paths to use the\ngoto ladder style.\nCompile tested only. Issue found using a prototype static analysis tool.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68734" } ], "release_date": "2025-12-24T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-68245", "cwe": { "id": "CWE-911", "name": "Improper Update of Reference Count" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: netpoll: fix incorrect refcount handling causing incorrect cleanup\ncommit efa95b01da18 (\"netpoll: fix use after free\") incorrectly\nignored the refcount and prematurely set dev->npinfo to NULL during\nnetpoll cleanup, leading to improper behavior and memory leaks.\nScenario causing lack of proper cleanup:\n1) A netpoll is associated with a NIC (e.g., eth0) and netdev->npinfo is\nallocated, and refcnt = 1\n- Keep in mind that npinfo is shared among all netpoll instances. In\nthis case, there is just one.\n2) Another netpoll is also associated with the same NIC and\nnpinfo->refcnt += 1.\n- Now dev->npinfo->refcnt = 2;\n- There is just one npinfo associated to the netdev.\n3) When the first netpolls goes to clean up:\n- The first cleanup succeeds and clears np->dev->npinfo, ignoring\nrefcnt.\n- It basically calls `RCU_INIT_POINTER(np->dev->npinfo, NULL);`\n- Set dev->npinfo = NULL, without proper cleanup\n- No ->ndo_netpoll_cleanup() is either called\n4) Now the second target tries to clean up\n- The second cleanup fails because np->dev->npinfo is already NULL.\n* In this case, ops->ndo_netpoll_cleanup() was never called, and\nthe skb pool is not cleaned as well (for the second netpoll\ninstance)\n- This leaks npinfo and skbpool skbs, which is clearly reported by\nkmemleak.\nRevert commit efa95b01da18 (\"netpoll: fix use after free\") and adds\nclarifying comments emphasizing that npinfo cleanup should only happen\nonce the refcount reaches zero, ensuring stable and correct netpoll\nbehavior.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-68245" } ], "release_date": "2025-12-16T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-03T17:44:56.702575Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694", "product_ids": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1770140694" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }