{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "spec: up spec/misc to 1160.136.1, spectre mitigation is off by default\n- hugetlb, mempolicy: fix the mbind hugetlb migration\n- net: atm: fix use after free in lec_send()\n- net: atlantic: fix aq_vec index out of range error\n- block: initialize flush request via blk_mq_rq_ctx_init()\n- ALSA: usb-audio: Fix a DMA to stack memory bug\n- namei: ->d_inode of a pinned dentry is stable only for positives\n- namei: results of d_is_negative() should be checked after dentry revalidation\n- namei: d_is_negative() should be checked before ->d_seq validation\n- VFS: Combine inode checks with d_is_negative() and d_is_positive() in pathwalk\n- scsi: smartpqi: Fix DMA direction for RAID requests\n- scsi: smartpqi: Fix duplicate device nodes for tape changers\n- VFS: Impose ordering on accesses of d_inode and d_flags\n- neighbour: fix data-races around n->output\n- cipso: make cipso_v4_skbuff_delattr() fully remove the CIPSO options\n- cipso: fix total option length computation\n- proc: Use new_inode not new_inode_pseudo\n- lockd: skip shutdown of rpc clients with outstanding notifications\n- SUNRPC: ECONNRESET might require a rebind\n- SUNRPC: ECONNREFUSED should cause a rebind\n- x86/fpu: Prevent FPU state corruption\n- x86, fpu: Introduce per-cpu in_kernel_fpu state\n- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI {CVE-2024-2201}\n- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto {CVE-2024-2201}\n- x86/bugs: Fix BHI handling of RRSBA\n- x86/bugs: Fix BHI documentation {CVE-2024-2201}\n- x86/bugs: Fix return type of spectre_bhi_state() {CVE-2024-2201}\n- x86/bugs: Make CONFIG_SPECTRE_BHI_ON the default {CVE-2024-2201}\n- x86/bhi: Add BHI mitigation knob {CVE-2024-2201}\n- x86/bhi: Enumerate Branch History Injection (BHI) bug {CVE-2024-2201}\n- x86/bhi: Define SPEC_CTRL_BHI_DIS_S {CVE-2024-2201}\n- x86/bhi: Add support for clearing branch history at syscall entry {CVE-2024-2201}\n- Documentation/hw-vuln: Document the interaction between IBRS and STIBP\n- x86/bugs: Add X86_FEATURE_RETPOLINE\n- x86/bugs: Extend VMware Retbleed workaround to Nehalem\n- gfs2: Fix length of holes reported at end-of-file\n- gfs2: Only do glock put in gfs2_create_inode for free inodes\n- gfs2: Fix use-after-free in gfs2_logd after withdraw\n- gfs2: fix use-after-free in trans_drain\n- gfs2: Clean up revokes on normal withdraws\n- GFS2: gfs2_free_extlen can return an extent that is too long\n- gfs2: Wipe jdata and ail1 in gfs2_journal_wipe, formerly gfs2_meta_wipe\n- GFS2: Refactor gfs2_remove_from_journal\n- GFS2: Only set PageChecked for jdata pages\n- gfs2: keep bios separate for each journal\n- gfs2: Remove active journal side effect from gfs2_write_log_header\n- gfs2: clean_journal improperly set sd_log_flush_head\n- partial \"GFS2: Introduce new gfs2_log_header_v2\"\n- gfs2: change from write to read lock for sd_log_flush_lock in journal replay\n- GFS2: Reduce code redundancy writing log headers\n- gfs2: Grab glock reference sooner in gfs2_add_revoke\n- gfs2: fix glock reference problem in gfs2_trans_remove_revoke\n- gfs2: Fix occasional glock use-after-free\n- gfs2: Make sure we don't miss any delayed withdraws\n- gfs2: Fix bad comment for trans_drain\n- gfs2: add some much needed cleanup for log flushes that fail\n- gfs2: fix trans slab error when withdraw occurs inside log_flush\n- gfs2: initialize transaction tr_ailX_lists earlier\n- GFS2: Remove extra \"if\" in gfs2_log_flush()\n- gfs2: fix use-after-free on transaction ail lists\n- gfs2: Trim the ordered write list in gfs2_ordered_write()\n- GFS2: Clean up releasepage\n- gfs2: Only set PageChecked if we have a transaction\n- gfs2: Fix case in which ail writes are done to jdata holes\n- gfs2: simplify gfs2_block_map\n- gfs2: Remove unused gfs2_iomap_alloc argument\n- netfilter: ipset: fix ip_set_list allocation failure\n- gfs2: Be more careful with the quota sync generation\n- gfs2: Get rid of some unnecessary quota locking\n- gfs2: Add some missing quota locking\n- gfs2: Fold qd_fish into gfs2_quota_sync\n- gfs2: quota need_sync cleanup\n- gfs2: Fix and clean up function do_qc\n- gfs2: Revert \"Add quota_change type\"\n- gfs2: Revert \"ignore negated quota changes\"\n- gfs2: qd_check_sync cleanups\n- gfs2: Check quota consistency on mount\n- gfs2: Minor gfs2_quota_init error path cleanup\n- gfs2: fix kernel BUG in gfs2_quota_cleanup\n- gfs2: Clean up quota.c:print_message\n- gfs2: Clean up gfs2_alloc_parms initializers\n- gfs2: Two quota=account mode fixes\n- gfs2: Remove useless assignment\n- gfs2: simplify slot_get\n- gfs2: Simplify qd2offset\n- gfs2: Remove quota allocation info from quota file\n- gfs2: use constant for array size\n- gfs2: Set qd_sync_gen in do_sync\n- gfs2: Remove useless err set\n- gfs2: Small gfs2_quota_lock cleanup\n- gfs2: move qdsb_put and reduce redundancy\n- gfs2: Don't try to sync non-changes\n- gfs2: Simplify function need_sync\n- gfs2: remove unneeded pg_oflow variable\n- gfs2: remove unneeded variable done\n- gfs2: pass sdp to gfs2_write_buf_to_page\n- gfs2: pass sdp in to gfs2_write_disk_quota\n- gfs2: Pass sdp to gfs2_adjust_quota\n- gfs2: remove dead code for quota writes\n- gfs2: Use qd_sbd more consequently\n- gfs2: replace 'found' with dedicated list iterator variable\n- gfs2: Some whitespace cleanups\n- gfs2: Fix gfs2_qa_get imbalance in gfs2_quota_hold\n- tcp: fix zero cwnd in tcp_cwnd_reduction\n- epoll: fix use-after-free in eventpoll_release_file\n- kernel.spec: run initramfs generation in %post (not only in %posttrans)", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/rhel7els/advisories/2025/clsa-2025_1756482270.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1756482270", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1756482270" } ], "tracking": { "current_release_date": "2025-09-18T15:59:27Z", "generator": { "date": "2025-09-18T15:59:27Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1756482270", "initial_release_date": "2025-08-29T15:44:32Z", "revision_history": [ { "date": "2025-08-29T15:44:32Z", "number": "1", "summary": "Initial version" }, { "date": "2025-09-18T15:59:27Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "kernel: Fix of CVE-2024-2201" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux 7", "product": { "name": "Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7", "product_identification_helper": { "cpe": "cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "kernel-tools-libs-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product": { "name": "kernel-tools-libs-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_id": "kernel-tools-libs-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools-libs-devel@3.10.0-1160.136.1.el7.tuxcare.els23?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product": { "name": "kernel-debug-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_id": "kernel-debug-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug-devel@3.10.0-1160.136.1.el7.tuxcare.els23?arch=x86_64" } } }, { "category": "product_version", "name": "python-perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product": { "name": "python-perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_id": "python-perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python-perf@3.10.0-1160.136.1.el7.tuxcare.els23?arch=x86_64" } } }, { "category": "product_version", "name": "perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product": { "name": "perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_id": "perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/perf@3.10.0-1160.136.1.el7.tuxcare.els23?arch=x86_64" } } }, { "category": "product_version", "name": "bpftool-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product": { "name": "bpftool-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_id": "bpftool-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/bpftool@3.10.0-1160.136.1.el7.tuxcare.els23?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product": { "name": "kernel-tools-libs-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_id": "kernel-tools-libs-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools-libs@3.10.0-1160.136.1.el7.tuxcare.els23?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product": { "name": "kernel-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_id": "kernel-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-devel@3.10.0-1160.136.1.el7.tuxcare.els23?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product": { "name": "kernel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_id": "kernel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel@3.10.0-1160.136.1.el7.tuxcare.els23?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product": { "name": "kernel-debug-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_id": "kernel-debug-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug@3.10.0-1160.136.1.el7.tuxcare.els23?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-headers-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product": { "name": "kernel-headers-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_id": "kernel-headers-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-headers@3.10.0-1160.136.1.el7.tuxcare.els23?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product": { "name": "kernel-tools-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_id": "kernel-tools-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools@3.10.0-1160.136.1.el7.tuxcare.els23?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64" }, "product_reference": "kernel-tools-libs-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64" }, "product_reference": "kernel-debug-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "python-perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:python-perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64" }, "product_reference": "python-perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64" }, "product_reference": "perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:bpftool-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64" }, "product_reference": "bpftool-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64" }, "product_reference": "kernel-tools-libs-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64" }, "product_reference": "kernel-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64" }, "product_reference": "kernel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-debug-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64" }, "product_reference": "kernel-debug-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-headers-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64" }, "product_reference": "kernel-headers-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-tools-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64" }, "product_reference": "kernel-tools-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "relates_to_product_reference": "Red-Hat-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-2201", "cwe": { "id": "CWE-1423", "name": "Exposure of Sensitive Information caused by Shared Microarchitectural Predictor State that Influences Transient Execution" }, "notes": [ { "category": "description", "text": "A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:bpftool-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-2201" } ], "release_date": "2024-04-09T04:30:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:bpftool-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Medium" } ] }, { "cve": "CVE-2025-22004", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: atm: fix use after free in lec_send()\nThe ->send() operation frees skb so save the length before calling\n->send() to avoid a use after free.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:bpftool-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-22004" } ], "release_date": "2025-04-03T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:bpftool-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] }, { "cve": "CVE-2022-50066", "cwe": { "id": "CWE-823", "name": "Use of Out-of-range Pointer Offset" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nnet: atlantic: fix aq_vec index out of range error\nThe final update statement of the for loop exceeds the array range, the\ndereference of self->aq_vec[i] is not checked and then leads to the\nindex out of range error.\nAlso fixed this kind of coding style in other for loop.\n[ 97.937604] UBSAN: array-index-out-of-bounds in drivers/net/ethernet/aquantia/atlantic/aq_nic.c:1404:48\n[ 97.937607] index 8 is out of range for type 'aq_vec_s *[8]'\n[ 97.937608] CPU: 38 PID: 3767 Comm: kworker/u256:18 Not tainted 5.19.0+ #2\n[ 97.937610] Hardware name: Dell Inc. Precision 7865 Tower/, BIOS 1.0.0 06/12/2022\n[ 97.937611] Workqueue: events_unbound async_run_entry_fn\n[ 97.937616] Call Trace:\n[ 97.937617] \n[ 97.937619] dump_stack_lvl+0x49/0x63\n[ 97.937624] dump_stack+0x10/0x16\n[ 97.937626] ubsan_epilogue+0x9/0x3f\n[ 97.937627] __ubsan_handle_out_of_bounds.cold+0x44/0x49\n[ 97.937629] ? __scm_send+0x348/0x440\n[ 97.937632] ? aq_vec_stop+0x72/0x80 [atlantic]\n[ 97.937639] aq_nic_stop+0x1b6/0x1c0 [atlantic]\n[ 97.937644] aq_suspend_common+0x88/0x90 [atlantic]\n[ 97.937648] aq_pm_suspend_poweroff+0xe/0x20 [atlantic]\n[ 97.937653] pci_pm_suspend+0x7e/0x1a0\n[ 97.937655] ? pci_pm_suspend_noirq+0x2b0/0x2b0\n[ 97.937657] dpm_run_callback+0x54/0x190\n[ 97.937660] __device_suspend+0x14c/0x4d0\n[ 97.937661] async_suspend+0x23/0x70\n[ 97.937663] async_run_entry_fn+0x33/0x120\n[ 97.937664] process_one_work+0x21f/0x3f0\n[ 97.937666] worker_thread+0x4a/0x3c0\n[ 97.937668] ? process_one_work+0x3f0/0x3f0\n[ 97.937669] kthread+0xf0/0x120\n[ 97.937671] ? kthread_complete_and_exit+0x20/0x20\n[ 97.937672] ret_from_fork+0x22/0x30\n[ 97.937676] \nv2. fixed \"warning: variable 'aq_vec' set but not used\"\nv3. simplified a for loop", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:bpftool-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-50066" } ], "release_date": "2025-06-18T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:bpftool-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.136.1.el7.tuxcare.els23.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }