{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "vsock: Do not allow binding to VMADDR_PORT_ANY {CVE-2025-38618}\n- cnic: Fix use-after-free bugs in cnic_delete_task {CVE-2025-39945}\n- scsi: bfa: Double-free fix {CVE-2025-38699}\n- pptp: ensure minimal skb length in pptp_xmit() {CVE-2025-38574}\n- ipv6: reject malicious packets in ipv6_gso_segment() {CVE-2025-38572}\n- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit {CVE-2025-38685}\n- fbdev: fix potential buffer overflow in do_register_framebuffer() {CVE-2025-38702}\n- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() {CVE-2023-53521}\n- usb: core: config: Prevent OOB read in SS endpoint companion parsing {CVE-2025-39760}\n- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() {CVE-2025-38680}\n- fs/buffer: fix use-after-free when call bh_read() helper {CVE-2025-39691}\n- bna: ensure the copied buf is NUL terminated {CVE-2024-36934}\n- i40e: fix idx validation in config queues msg {CVE-2025-39971}", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/rhel7els/advisories/2026/clsa-2026_1771240859.json" } ], "tracking": { "current_release_date": "2026-02-16T11:23:00Z", "generator": { "date": "2026-02-16T11:23:00Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1771240859", "initial_release_date": "2026-02-16T11:23:00Z", "revision_history": [ { "date": "2026-02-16T11:23:00Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "kernel: Fix of 13 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux 7", "product": { "name": "Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7", "product_identification_helper": { "cpe": "cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product": { "name": "python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_id": "python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python-perf@3.10.0-1160.144.1.el7.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product": { "name": "kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_id": "kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug@3.10.0-1160.144.1.el7.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product": { "name": "kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_id": "kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-headers@3.10.0-1160.144.1.el7.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product": { "name": "kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_id": "kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel@3.10.0-1160.144.1.el7.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product": { "name": "bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_id": "bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/bpftool@3.10.0-1160.144.1.el7.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product": { "name": "kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_id": "kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools-libs-devel@3.10.0-1160.144.1.el7.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product": { "name": "kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_id": "kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools-libs@3.10.0-1160.144.1.el7.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product": { "name": "kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_id": "kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-devel@3.10.0-1160.144.1.el7.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product": { "name": "perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_id": "perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/perf@3.10.0-1160.144.1.el7.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product": { "name": "kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_id": "kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools@3.10.0-1160.144.1.el7.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product": { "name": "kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_id": "kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug-devel@3.10.0-1160.144.1.el7.tuxcare.els2?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" }, "product_reference": "python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" }, "product_reference": "kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" }, "product_reference": "kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" }, "product_reference": "kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" }, "product_reference": "bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" }, "product_reference": "kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" }, "product_reference": "kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" }, "product_reference": "kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" }, "product_reference": "perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" }, "product_reference": "kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" }, "product_reference": "kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "relates_to_product_reference": "Red-Hat-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-38572", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: reject malicious packets in ipv6_gso_segment()\n\nsyzbot was able to craft a packet with very long IPv6 extension headers\nleading to an overflow of skb->transport_header.\n\nThis 16bit field has a limited range.\n\nAdd skb_reset_transport_header_careful() helper and use it\nfrom ipv6_gso_segment()\n\nWARNING: CPU: 0 PID: 5871 at ./include/linux/skbuff.h:3032 skb_reset_transport_header include/linux/skbuff.h:3032 [inline]\nWARNING: CPU: 0 PID: 5871 at ./include/linux/skbuff.h:3032 ipv6_gso_segment+0x15e2/0x21e0 net/ipv6/ip6_offload.c:151\nModules linked in:\nCPU: 0 UID: 0 PID: 5871 Comm: syz-executor211 Not tainted 6.16.0-rc6-syzkaller-g7abc678e3084 #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\n RIP: 0010:skb_reset_transport_header include/linux/skbuff.h:3032 [inline]\n RIP: 0010:ipv6_gso_segment+0x15e2/0x21e0 net/ipv6/ip6_offload.c:151\nCall Trace:\n \n skb_mac_gso_segment+0x31c/0x640 net/core/gso.c:53\n nsh_gso_segment+0x54a/0xe10 net/nsh/nsh.c:110\n skb_mac_gso_segment+0x31c/0x640 net/core/gso.c:53\n __skb_gso_segment+0x342/0x510 net/core/gso.c:124\n skb_gso_segment include/net/gso.h:83 [inline]\n validate_xmit_skb+0x857/0x11b0 net/core/dev.c:3950\n validate_xmit_skb_list+0x84/0x120 net/core/dev.c:4000\n sch_direct_xmit+0xd3/0x4b0 net/sched/sch_generic.c:329\n __dev_xmit_skb net/core/dev.c:4102 [inline]\n __dev_queue_xmit+0x17b6/0x3a70 net/core/dev.c:4679", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38572" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/09ff062b89d8e48165247d677d1ca23d6d607e9b", "url": "https://git.kernel.org/stable/c/09ff062b89d8e48165247d677d1ca23d6d607e9b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3f638e0b28bde7c3354a0df938ab3a96739455d1", "url": "https://git.kernel.org/stable/c/3f638e0b28bde7c3354a0df938ab3a96739455d1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5489e7fc6f8be3062f8cb7e49406de4bfd94db67", "url": "https://git.kernel.org/stable/c/5489e7fc6f8be3062f8cb7e49406de4bfd94db67" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/573b8250fc2554761db3bc2bbdbab23789d52d4e", "url": "https://git.kernel.org/stable/c/573b8250fc2554761db3bc2bbdbab23789d52d4e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5dc60b2a00ed7629214ac0c48e43f40af2078703", "url": "https://git.kernel.org/stable/c/5dc60b2a00ed7629214ac0c48e43f40af2078703" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d45cf1e7d7180256e17c9ce88e32e8061a7887fe", "url": "https://git.kernel.org/stable/c/d45cf1e7d7180256e17c9ce88e32e8061a7887fe" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/de322cdf600fc9433845a9e944d1ca6b31cfb67e", "url": "https://git.kernel.org/stable/c/de322cdf600fc9433845a9e944d1ca6b31cfb67e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ee851768e4b8371ce151fd446d24bf3ae2d18789", "url": "https://git.kernel.org/stable/c/ee851768e4b8371ce151fd446d24bf3ae2d18789" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ef05007b403dcc21e701cb1f30d4572ac0a9da20", "url": "https://git.kernel.org/stable/c/ef05007b403dcc21e701cb1f30d4572ac0a9da20" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-08-19T17:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-16T11:21:01.514763Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859", "product_ids": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38702", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: fix potential buffer overflow in do_register_framebuffer()\n\nThe current implementation may lead to buffer overflow when:\n1. Unregistration creates NULL gaps in registered_fb[]\n2. All array slots become occupied despite num_registered_fb < FB_MAX\n3. The registration loop exceeds array bounds\n\nAdd boundary check to prevent registered_fb[FB_MAX] access.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38702" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/248b2aab9b2af5ecf89d9d7955a2ff20c4b4a399", "url": "https://git.kernel.org/stable/c/248b2aab9b2af5ecf89d9d7955a2ff20c4b4a399" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2828a433c7d7a05b6f27c8148502095101dd0b09", "url": "https://git.kernel.org/stable/c/2828a433c7d7a05b6f27c8148502095101dd0b09" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/523b84dc7ccea9c4d79126d6ed1cf9033cf83b05", "url": "https://git.kernel.org/stable/c/523b84dc7ccea9c4d79126d6ed1cf9033cf83b05" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5c3f5a25c62230b7965804ce7a2e9305c3ca3961", "url": "https://git.kernel.org/stable/c/5c3f5a25c62230b7965804ce7a2e9305c3ca3961" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/806f85bdd3a60187c21437fc51baace11f659f35", "url": "https://git.kernel.org/stable/c/806f85bdd3a60187c21437fc51baace11f659f35" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cbe740de32bb0fb7a5213731ff5f26ea6718fca3", "url": "https://git.kernel.org/stable/c/cbe740de32bb0fb7a5213731ff5f26ea6718fca3" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-04T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-16T11:21:01.514763Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859", "product_ids": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38618", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Do not allow binding to VMADDR_PORT_ANY\n\nIt is possible for a vsock to autobind to VMADDR_PORT_ANY. This can\ncause a use-after-free when a connection is made to the bound socket.\nThe socket returned by accept() also has port VMADDR_PORT_ANY but is not\non the list of unbound sockets. Binding it will result in an extra\nrefcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep\nthe binding until socket destruction).\n\nModify the check in __vsock_bind_connectible() to also prevent binding\nto VMADDR_PORT_ANY.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38618" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/32950b1907919be86a7a2697d6f93d57068b3865", "url": "https://git.kernel.org/stable/c/32950b1907919be86a7a2697d6f93d57068b3865" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/44bd006d5c93f6a8f28b106cbae2428c5d0275b7", "url": "https://git.kernel.org/stable/c/44bd006d5c93f6a8f28b106cbae2428c5d0275b7" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8f01093646b49f6330bb2d36761983fd829472b1", "url": "https://git.kernel.org/stable/c/8f01093646b49f6330bb2d36761983fd829472b1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/aba0c94f61ec05315fa7815d21aefa4c87f6a9f4", "url": "https://git.kernel.org/stable/c/aba0c94f61ec05315fa7815d21aefa4c87f6a9f4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c04a2c1ca25b9b23104124d3b2d349d934e302de", "url": "https://git.kernel.org/stable/c/c04a2c1ca25b9b23104124d3b2d349d934e302de" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cf86704798c1b9c46fa59dfc2d662f57d1394d79", "url": "https://git.kernel.org/stable/c/cf86704798c1b9c46fa59dfc2d662f57d1394d79" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d1a5b1964cef42727668ac0d8532dae4f8c19386", "url": "https://git.kernel.org/stable/c/d1a5b1964cef42727668ac0d8532dae4f8c19386" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/d73960f0cf03ef1dc9e96ec7a20e538accc26d87", "url": "https://git.kernel.org/stable/c/d73960f0cf03ef1dc9e96ec7a20e538accc26d87" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/f138be5d7f301fddad4e65ec66dfc3ceebf79be3", "url": "https://git.kernel.org/stable/c/f138be5d7f301fddad4e65ec66dfc3ceebf79be3" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-08-22T14:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-16T11:21:01.514763Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859", "product_ids": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-39945", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncnic: Fix use-after-free bugs in cnic_delete_task\n\nThe original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(),\nwhich does not guarantee that the delayed work item 'delete_task' has\nfully completed if it was already running. Additionally, the delayed work\nitem is cyclic, the flush_workqueue() in cnic_cm_stop_bnx2x_hw() only\nblocks and waits for work items that were already queued to the\nworkqueue prior to its invocation. Any work items submitted after\nflush_workqueue() is called are not included in the set of tasks that the\nflush operation awaits. This means that after the cyclic work items have\nfinished executing, a delayed work item may still exist in the workqueue.\nThis leads to use-after-free scenarios where the cnic_dev is deallocated\nby cnic_free_dev(), while delete_task remains active and attempt to\ndereference cnic_dev in cnic_delete_task().\n\nA typical race condition is illustrated below:\n\nCPU 0 (cleanup) | CPU 1 (delayed work callback)\ncnic_netdev_event() |\n cnic_stop_hw() | cnic_delete_task()\n cnic_cm_stop_bnx2x_hw() | ...\n cancel_delayed_work() | /* the queue_delayed_work()\n flush_workqueue() | executes after flush_workqueue()*/\n | queue_delayed_work()\n cnic_free_dev(dev)//free | cnic_delete_task() //new instance\n | dev = cp->dev; //use\n\nReplace cancel_delayed_work() with cancel_delayed_work_sync() to ensure\nthat the cyclic delayed work item is properly canceled and that any\nongoing execution of the work item completes before the cnic_dev is\ndeallocated. Furthermore, since cancel_delayed_work_sync() uses\n__flush_work(work, true) to synchronously wait for any currently\nexecuting instance of the work item to finish, the flush_workqueue()\nbecomes redundant and should be removed.\n\nThis bug was identified through static analysis. To reproduce the issue\nand validate the fix, I simulated the cnic PCI device in QEMU and\nintroduced intentional delays — such as inserting calls to ssleep()\nwithin the cnic_delete_task() function — to increase the likelihood\nof triggering the bug.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39945" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0405055930264ea8fd26f4131466fa7652e5e47d", "url": "https://git.kernel.org/stable/c/0405055930264ea8fd26f4131466fa7652e5e47d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0627e1481676669cae2df0d85b5ff13e7d24c390", "url": "https://git.kernel.org/stable/c/0627e1481676669cae2df0d85b5ff13e7d24c390" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6e33a7eed587062ca8161ad1f4584882a860d697", "url": "https://git.kernel.org/stable/c/6e33a7eed587062ca8161ad1f4584882a860d697" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7b6a5b0a6b392263c3767fc945b311ea04b34bbd", "url": "https://git.kernel.org/stable/c/7b6a5b0a6b392263c3767fc945b311ea04b34bbd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8eeb2091e72d75df8ceaa2172638d61b4cf8929a", "url": "https://git.kernel.org/stable/c/8eeb2091e72d75df8ceaa2172638d61b4cf8929a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cfa7d9b1e3a8604afc84e9e51d789c29574fb216", "url": "https://git.kernel.org/stable/c/cfa7d9b1e3a8604afc84e9e51d789c29574fb216" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e1fcd4a9c09feac0902a65615e866dbf22616125", "url": "https://git.kernel.org/stable/c/e1fcd4a9c09feac0902a65615e866dbf22616125" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/fde6e73189f40ebcf0633aed2b68e731c25f3aa3", "url": "https://git.kernel.org/stable/c/fde6e73189f40ebcf0633aed2b68e731c25f3aa3" } ], "release_date": "2025-10-04T08:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-16T11:21:01.514763Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859", "product_ids": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38574", "cwe": { "id": "CWE-908", "name": "Use of Uninitialized Resource" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\npptp: ensure minimal skb length in pptp_xmit()\n\nCommit aabc6596ffb3 (\"net: ppp: Add bound checking for skb data\non ppp_sync_txmung\") fixed ppp_sync_txmunge()\n\nWe need a similar fix in pptp_xmit(), otherwise we might\nread uninit data as reported by syzbot.\n\nBUG: KMSAN: uninit-value in pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193\n pptp_xmit+0xc34/0x2720 drivers/net/ppp/pptp.c:193\n ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2290 [inline]\n ppp_input+0x1d6/0xe60 drivers/net/ppp/ppp_generic.c:2314\n pppoe_rcv_core+0x1e8/0x760 drivers/net/ppp/pppoe.c:379\n sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148\n __release_sock+0x1d3/0x330 net/core/sock.c:3213\n release_sock+0x6b/0x270 net/core/sock.c:3767\n pppoe_sendmsg+0x15d/0xcb0 drivers/net/ppp/pppoe.c:904\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg+0x330/0x3d0 net/socket.c:727\n ____sys_sendmsg+0x893/0xd80 net/socket.c:2566\n ___sys_sendmsg+0x271/0x3b0 net/socket.c:2620\n __sys_sendmmsg+0x2d9/0x7c0 net/socket.c:2709", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38574" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1a04db0fd75cb6034fc27a56b67b3b8b9022a98c", "url": "https://git.kernel.org/stable/c/1a04db0fd75cb6034fc27a56b67b3b8b9022a98c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/26672f1679b143aa34fca0b6046b7fd0c184770d", "url": "https://git.kernel.org/stable/c/26672f1679b143aa34fca0b6046b7fd0c184770d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5005d24377378a20e5c0e53052fc4ebdcdcbc611", "url": "https://git.kernel.org/stable/c/5005d24377378a20e5c0e53052fc4ebdcdcbc611" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/504cc4ab91073d2ac7404ad146139f86ecee7193", "url": "https://git.kernel.org/stable/c/504cc4ab91073d2ac7404ad146139f86ecee7193" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5de7513f38f3c19c0610294ee478242bea356f8c", "url": "https://git.kernel.org/stable/c/5de7513f38f3c19c0610294ee478242bea356f8c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/97b8c5d322c5c0038cac4bc56fdbe237d0be426f", "url": "https://git.kernel.org/stable/c/97b8c5d322c5c0038cac4bc56fdbe237d0be426f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b7dcda76fd0615c0599c89f36873a6cd48e02dbb", "url": "https://git.kernel.org/stable/c/b7dcda76fd0615c0599c89f36873a6cd48e02dbb" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/de9c4861fb42f0cd72da844c3c34f692d5895b7b", "url": "https://git.kernel.org/stable/c/de9c4861fb42f0cd72da844c3c34f692d5895b7b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ea99b88b1999ebcb24d5d3a6b7910030f40d3bba", "url": "https://git.kernel.org/stable/c/ea99b88b1999ebcb24d5d3a6b7910030f40d3bba" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-08-19T17:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-16T11:21:01.514763Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859", "product_ids": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38699", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bfa: Double-free fix\n\nWhen the bfad_im_probe() function fails during initialization, the memory\npointed to by bfad->im is freed without setting bfad->im to NULL.\n\nSubsequently, during driver uninstallation, when the state machine enters\nthe bfad_sm_stopping state and calls the bfad_im_probe_undo() function,\nit attempts to free the memory pointed to by bfad->im again, thereby\ntriggering a double-free vulnerability.\n\nSet bfad->im to NULL if probing fails.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38699" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/13f613228cf3c96a038424cd97aa4d6aadc66294", "url": "https://git.kernel.org/stable/c/13f613228cf3c96a038424cd97aa4d6aadc66294" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/39cfe2c83146aad956318f866d0ee471b7a61fa5", "url": "https://git.kernel.org/stable/c/39cfe2c83146aad956318f866d0ee471b7a61fa5" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/50d9bd48321038bd6e15af5a454bbcd180cf6f80", "url": "https://git.kernel.org/stable/c/50d9bd48321038bd6e15af5a454bbcd180cf6f80" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/684c92bb08a25ed3c0356bc7eb532ed5b19588dd", "url": "https://git.kernel.org/stable/c/684c92bb08a25ed3c0356bc7eb532ed5b19588dd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8456f862cb95bcc3a831e1ba87c0c17068be0f3f", "url": "https://git.kernel.org/stable/c/8456f862cb95bcc3a831e1ba87c0c17068be0f3f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8e03dd9fadf76db5b9799583074a1a2a54f787f1", "url": "https://git.kernel.org/stable/c/8e03dd9fadf76db5b9799583074a1a2a54f787f1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9337c2affbaebe00b75fdf84ea0e2fcf93c140af", "url": "https://git.kernel.org/stable/c/9337c2affbaebe00b75fdf84ea0e2fcf93c140af" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/add4c4850363d7c1b72e8fce9ccb21fdd2cf5dc9", "url": "https://git.kernel.org/stable/c/add4c4850363d7c1b72e8fce9ccb21fdd2cf5dc9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ba024d92564580bb90ec367248ace8efe16ce815", "url": "https://git.kernel.org/stable/c/ba024d92564580bb90ec367248ace8efe16ce815" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-04T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-16T11:21:01.514763Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859", "product_ids": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-39691", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/buffer: fix use-after-free when call bh_read() helper\n\nThere's issue as follows:\nBUG: KASAN: stack-out-of-bounds in end_buffer_read_sync+0xe3/0x110\nRead of size 8 at addr ffffc9000168f7f8 by task swapper/3/0\nCPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.16.0-862.14.0.6.x86_64\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n \n dump_stack_lvl+0x55/0x70\n print_address_description.constprop.0+0x2c/0x390\n print_report+0xb4/0x270\n kasan_report+0xb8/0xf0\n end_buffer_read_sync+0xe3/0x110\n end_bio_bh_io_sync+0x56/0x80\n blk_update_request+0x30a/0x720\n scsi_end_request+0x51/0x2b0\n scsi_io_completion+0xe3/0x480\n ? scsi_device_unbusy+0x11e/0x160\n blk_complete_reqs+0x7b/0x90\n handle_softirqs+0xef/0x370\n irq_exit_rcu+0xa5/0xd0\n sysvec_apic_timer_interrupt+0x6e/0x90\n \n\n Above issue happens when do ntfs3 filesystem mount, issue may happens\n as follows:\n mount IRQ\nntfs_fill_super\n read_cache_page\n do_read_cache_folio\n filemap_read_folio\n mpage_read_folio\n\t do_mpage_readpage\n\t ntfs_get_block_vbo\n\t bh_read\n\t submit_bh\n\t wait_on_buffer(bh);\n\t blk_complete_reqs\n\t\t\t\t scsi_io_completion\n\t\t\t\t scsi_end_request\n\t\t\t\t blk_update_request\n\t\t\t\t end_bio_bh_io_sync\n\t\t\t\t\t end_buffer_read_sync\n\t\t\t\t\t __end_buffer_read_notouch\n\t\t\t\t\t unlock_buffer\n\n wait_on_buffer(bh);--> return will return to caller\n\n\t\t\t\t\t put_bh\n\t\t\t\t\t --> trigger stack-out-of-bounds\nIn the mpage_read_folio() function, the stack variable 'map_bh' is\npassed to ntfs_get_block_vbo(). Once unlock_buffer() unlocks and\nwait_on_buffer() returns to continue processing, the stack variable\nis likely to be reclaimed. Consequently, during the end_buffer_read_sync()\nprocess, calling put_bh() may result in stack overrun.\n\nIf the bh is not allocated on the stack, it belongs to a folio. Freeing\na buffer head which belongs to a folio is done by drop_buffers() which\nwill fail to free buffers which are still locked. So it is safe to call\nput_bh() before __end_buffer_read_notouch().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39691" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/03b40bf5d0389ca23ae6857ee25789f0e0b47ce8", "url": "https://git.kernel.org/stable/c/03b40bf5d0389ca23ae6857ee25789f0e0b47ce8" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/042cf48ecf67f72c8b3846c7fac678f472712ff3", "url": "https://git.kernel.org/stable/c/042cf48ecf67f72c8b3846c7fac678f472712ff3" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/3169edb8945c295cf89120fc6b2c35cfe3ad4c9e", "url": "https://git.kernel.org/stable/c/3169edb8945c295cf89120fc6b2c35cfe3ad4c9e" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/70a09115da586bf662c3bae9c0c4a1b99251fad9", "url": "https://git.kernel.org/stable/c/70a09115da586bf662c3bae9c0c4a1b99251fad9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/7375f22495e7cd1c5b3b5af9dcc4f6dffe34ce49", "url": "https://git.kernel.org/stable/c/7375f22495e7cd1c5b3b5af9dcc4f6dffe34ce49" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/90b5193edb323fefbee0e4e5bc39ed89dcc37719", "url": "https://git.kernel.org/stable/c/90b5193edb323fefbee0e4e5bc39ed89dcc37719" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c58c6b532b7b69537cfd9ef701c7e37cdcf79dc4", "url": "https://git.kernel.org/stable/c/c58c6b532b7b69537cfd9ef701c7e37cdcf79dc4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/c5aa6ba1127307ab5dc3773eaf40d73a3423841f", "url": "https://git.kernel.org/stable/c/c5aa6ba1127307ab5dc3773eaf40d73a3423841f" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-05T18:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-16T11:21:01.514763Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859", "product_ids": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-53521", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ses: Fix slab-out-of-bounds in ses_intf_remove()\n\nA fix for:\n\nBUG: KASAN: slab-out-of-bounds in ses_intf_remove+0x23f/0x270 [ses]\nRead of size 8 at addr ffff88a10d32e5d8 by task rmmod/12013\n\nWhen edev->components is zero, accessing edev->component[0] members is\nwrong.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-53521" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0595cdb587726b4f0fa780eb7462e3679d141e82", "url": "https://git.kernel.org/stable/c/0595cdb587726b4f0fa780eb7462e3679d141e82" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/2fb1fa8425cce2dc4dce298275d22d7077694b73", "url": "https://git.kernel.org/stable/c/2fb1fa8425cce2dc4dce298275d22d7077694b73" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/40af9a6deed723485e05b7d3255a28750692e8db", "url": "https://git.kernel.org/stable/c/40af9a6deed723485e05b7d3255a28750692e8db" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/578797f0c8cbc2e3ec5fc0dab87087b4c7073686", "url": "https://git.kernel.org/stable/c/578797f0c8cbc2e3ec5fc0dab87087b4c7073686" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/76f7050537476ac062ec23a544fbca8270f2d08b", "url": "https://git.kernel.org/stable/c/76f7050537476ac062ec23a544fbca8270f2d08b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/82143faf01dda831b89eccef60c39ef8575ab08a", "url": "https://git.kernel.org/stable/c/82143faf01dda831b89eccef60c39ef8575ab08a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/87e47be38d205df338c52ead43f23b2864567423", "url": "https://git.kernel.org/stable/c/87e47be38d205df338c52ead43f23b2864567423" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8f9542cad6c27297c8391de3a659f0b7948495d0", "url": "https://git.kernel.org/stable/c/8f9542cad6c27297c8391de3a659f0b7948495d0" } ], "release_date": "2025-10-01T12:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-16T11:21:01.514763Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859", "product_ids": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38680", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()\n\nThe buffer length check before calling uvc_parse_format() only ensured\nthat the buffer has at least 3 bytes (buflen > 2), buf the function\naccesses buffer[3], requiring at least 4 bytes.\n\nThis can lead to an out-of-bounds read if the buffer has exactly 3 bytes.\n\nFix it by checking that the buffer has at least 4 bytes in\nuvc_parse_format().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38680" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1e269581b3aa5962fdc52757ab40da286168c087", "url": "https://git.kernel.org/stable/c/1e269581b3aa5962fdc52757ab40da286168c087" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/424980d33b3f816485513e538610168b03fab9f1", "url": "https://git.kernel.org/stable/c/424980d33b3f816485513e538610168b03fab9f1" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6d4a7c0b296162354b6fc759a1475b9d57ddfaa6", "url": "https://git.kernel.org/stable/c/6d4a7c0b296162354b6fc759a1475b9d57ddfaa6" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/782b6a718651eda3478b1824b37a8b3185d2740c", "url": "https://git.kernel.org/stable/c/782b6a718651eda3478b1824b37a8b3185d2740c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8343f3fe0b755925f83d60b05e92bf4396879758", "url": "https://git.kernel.org/stable/c/8343f3fe0b755925f83d60b05e92bf4396879758" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9ad554217c9b945031c73df4e8176a475e2dea57", "url": "https://git.kernel.org/stable/c/9ad554217c9b945031c73df4e8176a475e2dea57" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/a97e062e4ff3dab84a2f1eb811e9eddc6699e2a9", "url": "https://git.kernel.org/stable/c/a97e062e4ff3dab84a2f1eb811e9eddc6699e2a9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cac702a439050df65272c49184aef7975fe3eff2", "url": "https://git.kernel.org/stable/c/cac702a439050df65272c49184aef7975fe3eff2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ffdd82182953df643aa63d999b6f1653d0c93778", "url": "https://git.kernel.org/stable/c/ffdd82182953df643aa63d999b6f1653d0c93778" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-04T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-16T11:21:01.514763Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859", "product_ids": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-39971", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\ni40e: fix idx validation in config queues msg\nEnsure idx is within range of active/initialized TCs when iterating over\nvf->ch[idx] in i40e_vc_config_queues_msg().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39971" } ], "release_date": "2025-10-15T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-16T11:21:01.514763Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859", "product_ids": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-38685", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Fix vmalloc out-of-bounds write in fast_imageblit\n\nThis issue triggers when a userspace program does an ioctl\nFBIOPUT_CON2FBMAP by passing console number and frame buffer number.\nIdeally this maps console to frame buffer and updates the screen if\nconsole is visible.\n\nAs part of mapping it has to do resize of console according to frame\nbuffer info. if this resize fails and returns from vc_do_resize() and\ncontinues further. At this point console and new frame buffer are mapped\nand sets display vars. Despite failure still it continue to proceed\nupdating the screen at later stages where vc_data is related to previous\nframe buffer and frame buffer info and display vars are mapped to new\nframe buffer and eventully leading to out-of-bounds write in\nfast_imageblit(). This bheviour is excepted only when fg_console is\nequal to requested console which is a visible console and updates screen\nwith invalid struct references in fbcon_putcs().", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38685" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/078e62bffca4b7e72e8f3550eb063ab981c36c7a", "url": "https://git.kernel.org/stable/c/078e62bffca4b7e72e8f3550eb063ab981c36c7a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/27b118aebdd84161c8ff5ce49d9d536f2af10754", "url": "https://git.kernel.org/stable/c/27b118aebdd84161c8ff5ce49d9d536f2af10754" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4c4d7ddaf1d43780b106bedc692679f965dc5a3a", "url": "https://git.kernel.org/stable/c/4c4d7ddaf1d43780b106bedc692679f965dc5a3a" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/56701bf9eeb63219e378cb7fcbd066ea4eaeeb50", "url": "https://git.kernel.org/stable/c/56701bf9eeb63219e378cb7fcbd066ea4eaeeb50" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/af0db3c1f898144846d4c172531a199bb3ca375d", "url": "https://git.kernel.org/stable/c/af0db3c1f898144846d4c172531a199bb3ca375d" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cfec17721265e72e50cc69c6004fe3475cd38df2", "url": "https://git.kernel.org/stable/c/cfec17721265e72e50cc69c6004fe3475cd38df2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/ed9b8e5016230868c8d813d9179523f729fec8c6", "url": "https://git.kernel.org/stable/c/ed9b8e5016230868c8d813d9179523f729fec8c6" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-04T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-16T11:21:01.514763Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859", "product_ids": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2024-36934", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: ensure the copied buf is NUL terminated\n\nCurrently, we allocate a nbytes-sized kernel buffer and copy nbytes from\nuserspace to that buffer. Later, we use sscanf on this buffer but we don't\nensure that the string is terminated inside the buffer, this can lead to\nOOB read when using sscanf. Fix this issue by using memdup_user_nul\ninstead of memdup_user.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-36934" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/06cb37e2ba6441888f24566a997481d4197b4e32", "url": "https://git.kernel.org/stable/c/06cb37e2ba6441888f24566a997481d4197b4e32" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/0f560240b4cc25d3de527deb257cdf072c0102a9", "url": "https://git.kernel.org/stable/c/0f560240b4cc25d3de527deb257cdf072c0102a9" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/1518b2b498a0109eb6b15755169d3b6607356b35", "url": "https://git.kernel.org/stable/c/1518b2b498a0109eb6b15755169d3b6607356b35" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/6f0f19b79c085cc891c418b768f26f7004bd51a4", "url": "https://git.kernel.org/stable/c/6f0f19b79c085cc891c418b768f26f7004bd51a4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/80578ec10335bc15ac35fd1703c22aab34e39fdd", "url": "https://git.kernel.org/stable/c/80578ec10335bc15ac35fd1703c22aab34e39fdd" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f", "url": "https://git.kernel.org/stable/c/8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/bd502ba81cd1d515deddad7dbc6b812b14b97147", "url": "https://git.kernel.org/stable/c/bd502ba81cd1d515deddad7dbc6b812b14b97147" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/e19478763154674c084defc62ae0d64d79657f91", "url": "https://git.kernel.org/stable/c/e19478763154674c084defc62ae0d64d79657f91" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20240912-0007/", "url": "https://security.netapp.com/advisory/ntap-20240912-0007/" } ], "release_date": "2024-05-30T16:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-16T11:21:01.514763Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859", "product_ids": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-39760", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: core: config: Prevent OOB read in SS endpoint companion parsing\n\nusb_parse_ss_endpoint_companion() checks descriptor type before length,\nenabling a potentially odd read outside of the buffer size.\n\nFix this up by checking the size first before looking at any of the\nfields in the descriptor.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-39760" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/058ad2b722812708fe90567875704ae36563e33b", "url": "https://git.kernel.org/stable/c/058ad2b722812708fe90567875704ae36563e33b" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/4fe6f472f0beef4281e6f03bc38a910a33be663f", "url": "https://git.kernel.org/stable/c/4fe6f472f0beef4281e6f03bc38a910a33be663f" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5badd56c711e2c8371d1670f9bd486697575423c", "url": "https://git.kernel.org/stable/c/5badd56c711e2c8371d1670f9bd486697575423c" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/5c3097ede7835d3caf6543eb70ff689af4550cd2", "url": "https://git.kernel.org/stable/c/5c3097ede7835d3caf6543eb70ff689af4550cd2" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9512510cee7d1becdb0e9413fdd3ab783e4e30ee", "url": "https://git.kernel.org/stable/c/9512510cee7d1becdb0e9413fdd3ab783e4e30ee" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/9843bcb187cb933861f7805022e6873905f669e4", "url": "https://git.kernel.org/stable/c/9843bcb187cb933861f7805022e6873905f669e4" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/b10e0f868067c6f25bbfabdcf3e1e6432c24ca55", "url": "https://git.kernel.org/stable/c/b10e0f868067c6f25bbfabdcf3e1e6432c24ca55" }, { "category": "external", "summary": "https://git.kernel.org/stable/c/cf16f408364efd8a68f39011a3b073c83a03612d", "url": "https://git.kernel.org/stable/c/cf16f408364efd8a68f39011a3b073c83a03612d" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html", "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "release_date": "2025-09-11T17:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-02-16T11:21:01.514763Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859", "product_ids": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1771240859" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:bpftool-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.144.1.el7.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }