{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/oraclelinux7els/vex/2025/cve-2025-21681-els_os-oraclelinux7els.json" } ], "title": "Security update on CVE-2025-21681", "tracking": { "current_release_date": "2025-12-23T22:15:38Z", "generator": { "date": "2025-12-23T22:15:38Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2025-21681-ELS_OS-ORACLELINUX7ELS", "initial_release_date": "2025-01-31T12:15:00Z", "revision_history": [ { "date": "2025-01-31T12:15:00Z", "number": "1", "summary": "Initial version" }, { "date": "2025-09-15T19:22:34Z", "number": "2", "summary": "Official Publication" }, { "date": "2025-12-23T22:15:38Z", "number": "3", "summary": "Update document" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Oracle Linux 7", "product": { "name": "Oracle Linux 7", "product_id": "Oracle-Linux-7", "product_identification_helper": { "cpe": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Oracle Linux" } ], "category": "vendor", "name": "Oracle Corporation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/bpftool@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-tools@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-container@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-devel@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python-perf@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/perf@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-headers@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-debug-devel@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-container-debug@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product": { "name": "kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_id": "kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-uek-debug@5.4.17-2136.338.4.2.el7uek.tuxcare.els2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64 as a component of Oracle Linux 7", "product_id": "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" }, "product_reference": "kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "relates_to_product_reference": "Oracle-Linux-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-21681", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition ('Infinite Loop')" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix lockup on tx to unregistering netdev with carrier\n\nCommit in a fixes tag attempted to fix the issue in the following\nsequence of calls:\n\n do_output\n -> ovs_vport_send\n -> dev_queue_xmit\n -> __dev_queue_xmit\n -> netdev_core_pick_tx\n -> skb_tx_hash\n\nWhen device is unregistering, the 'dev->real_num_tx_queues' goes to\nzero and the 'while (unlikely(hash >= qcount))' loop inside the\n'skb_tx_hash' becomes infinite, locking up the core forever.\n\nBut unfortunately, checking just the carrier status is not enough to\nfix the issue, because some devices may still be in unregistering\nstate while reporting carrier status OK.\n\nOne example of such device is a net/dummy. It sets carrier ON\non start, but it doesn't implement .ndo_stop to set the carrier off.\nAnd it makes sense, because dummy doesn't really have a carrier.\nTherefore, while this device is unregistering, it's still easy to hit\nthe infinite loop in the skb_tx_hash() from the OVS datapath. There\nmight be other drivers that do the same, but dummy by itself is\nimportant for the OVS ecosystem, because it is frequently used as a\npacket sink for tcpdump while debugging OVS deployments. And when the\nissue is hit, the only way to recover is to reboot.\n\nFix that by also checking if the device is running. The running\nstate is handled by the net core during unregistering, so it covers\nunregistering case better, and we don't really need to send packets\nto devices that are not running anyway.\n\nWhile only checking the running state might be enough, the carrier\ncheck is preserved. The running and the carrier states seem disjoined\nthroughout the code and different drivers. And other core functions\nlike __dev_direct_xmit() check both before attempting to transmit\na packet. So, it seems safer to check both flags in OVS as well.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-21681" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/47e55e4b410f7d552e43011baa5be1aab4093990", "url": "https://git.kernel.org/stable/c/47e55e4b410f7d552e43011baa5be1aab4093990" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/82f433e8dd0629e16681edf6039d094b5518d8ed", "url": "https://git.kernel.org/stable/c/82f433e8dd0629e16681edf6039d094b5518d8ed" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/87fcf0d137c770e6040ebfdb0abd8e7dd481b504", "url": "https://git.kernel.org/stable/c/87fcf0d137c770e6040ebfdb0abd8e7dd481b504" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/930268823f6bccb697aa5d2047aeffd4a497308c", "url": "https://git.kernel.org/stable/c/930268823f6bccb697aa5d2047aeffd4a497308c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b5c73fc92f8d15c16e5dc87b5c17d2abf1e6d092", "url": "https://git.kernel.org/stable/c/b5c73fc92f8d15c16e5dc87b5c17d2abf1e6d092" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ea966b6698785fb9cd0fdb867acd91b222e4723f", "url": "https://git.kernel.org/stable/c/ea966b6698785fb9cd0fdb867acd91b222e4723f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ea9e990356b7bee95440ba0e6e83cc4d701afaca", "url": "https://git.kernel.org/stable/c/ea9e990356b7bee95440ba0e6e83cc4d701afaca" } ], "release_date": "2025-01-31T12:15:00", "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Oracle-Linux-7:bpftool-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-tools-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:python-perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:perf-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-headers-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-devel-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-container-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64", "Oracle-Linux-7:kernel-uek-debug-0:5.4.17-2136.338.4.2.el7uek.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] } ] }