{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/rhel7els/vex/2025/cve-2025-38229-els_os-rhel7els.json" } ], "title": "Security update on CVE-2025-38229", "tracking": { "current_release_date": "2025-12-23T22:15:38Z", "generator": { "date": "2025-12-23T22:15:38Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2025-38229-ELS_OS-RHEL7ELS", "initial_release_date": "2025-07-04T00:00:00Z", "revision_history": [ { "date": "2025-07-04T00:00:00Z", "number": "1", "summary": "Initial version" }, { "date": "2025-09-12T16:24:07Z", "number": "2", "summary": "Official Publication" }, { "date": "2025-12-23T22:15:38Z", "number": "3", "summary": "Update document" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux 7", "product": { "name": "Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7", "product_identification_helper": { "cpe": "cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "kernel-tools-libs-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product": { "name": "kernel-tools-libs-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_id": "kernel-tools-libs-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools-libs-devel@3.10.0-1160.136.1.el7.tuxcare.els24?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product": { "name": "kernel-debug-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_id": "kernel-debug-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug-devel@3.10.0-1160.136.1.el7.tuxcare.els24?arch=x86_64" } } }, { "category": "product_version", "name": "python-perf-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product": { "name": "python-perf-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_id": "python-perf-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/python-perf@3.10.0-1160.136.1.el7.tuxcare.els24?arch=x86_64" } } }, { "category": "product_version", "name": "perf-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product": { "name": "perf-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_id": "perf-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/perf@3.10.0-1160.136.1.el7.tuxcare.els24?arch=x86_64" } } }, { "category": "product_version", "name": "bpftool-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product": { "name": "bpftool-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_id": "bpftool-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/bpftool@3.10.0-1160.136.1.el7.tuxcare.els24?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-libs-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product": { "name": "kernel-tools-libs-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_id": "kernel-tools-libs-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools-libs@3.10.0-1160.136.1.el7.tuxcare.els24?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product": { "name": "kernel-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_id": "kernel-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-devel@3.10.0-1160.136.1.el7.tuxcare.els24?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product": { "name": "kernel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_id": "kernel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel@3.10.0-1160.136.1.el7.tuxcare.els24?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-debug-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product": { "name": "kernel-debug-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_id": "kernel-debug-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-debug@3.10.0-1160.136.1.el7.tuxcare.els24?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-headers-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product": { "name": "kernel-headers-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_id": "kernel-headers-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-headers@3.10.0-1160.136.1.el7.tuxcare.els24?arch=x86_64" } } }, { "category": "product_version", "name": "kernel-tools-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product": { "name": "kernel-tools-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_id": "kernel-tools-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/kernel-tools@3.10.0-1160.136.1.el7.tuxcare.els24?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64" }, "product_reference": "kernel-tools-libs-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64" }, "product_reference": "kernel-debug-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "python-perf-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:python-perf-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64" }, "product_reference": "python-perf-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "perf-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:perf-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64" }, "product_reference": "perf-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "bpftool-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:bpftool-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64" }, "product_reference": "bpftool-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-libs-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64" }, "product_reference": "kernel-tools-libs-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64" }, "product_reference": "kernel-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64" }, "product_reference": "kernel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-debug-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-debug-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64" }, "product_reference": "kernel-debug-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-headers-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-headers-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64" }, "product_reference": "kernel-headers-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "relates_to_product_reference": "Red-Hat-7" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-tools-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64 as a component of Red Hat Enterprise Linux 7", "product_id": "Red-Hat-7:kernel-tools-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64" }, "product_reference": "kernel-tools-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "relates_to_product_reference": "Red-Hat-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-38229", "notes": [ { "category": "description", "text": "In the Linux kernel, the following vulnerability has been resolved:\nmedia: cxusb: no longer judge rbuf when the write fails\nsyzbot reported a uninit-value in cxusb_i2c_xfer. [1]\nOnly when the write operation of usb_bulk_msg() in dvb_usb_generic_rw()\nsucceeds and rlen is greater than 0, the read operation of usb_bulk_msg()\nwill be executed to read rlen bytes of data from the dvb device into the\nrbuf.\nIn this case, although rlen is 1, the write operation failed which resulted\nin the dvb read operation not being executed, and ultimately variable i was\nnot initialized.\n[1]\nBUG: KMSAN: uninit-value in cxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\nBUG: KMSAN: uninit-value in cxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\ncxusb_gpio_tuner drivers/media/usb/dvb-usb/cxusb.c:124 [inline]\ncxusb_i2c_xfer+0x153a/0x1a60 drivers/media/usb/dvb-usb/cxusb.c:196\n__i2c_transfer+0xe25/0x3150 drivers/i2c/i2c-core-base.c:-1\ni2c_transfer+0x317/0x4a0 drivers/i2c/i2c-core-base.c:2315\ni2c_transfer_buffer_flags+0x125/0x1e0 drivers/i2c/i2c-core-base.c:2343\ni2c_master_send include/linux/i2c.h:109 [inline]\ni2cdev_write+0x210/0x280 drivers/i2c/i2c-dev.c:183\ndo_loop_readv_writev fs/read_write.c:848 [inline]\nvfs_writev+0x963/0x14e0 fs/read_write.c:1057\ndo_writev+0x247/0x5c0 fs/read_write.c:1101\n__do_sys_writev fs/read_write.c:1169 [inline]\n__se_sys_writev fs/read_write.c:1166 [inline]\n__x64_sys_writev+0x98/0xe0 fs/read_write.c:1166\nx64_sys_call+0x2229/0x3c80 arch/x86/include/generated/asm/syscalls_64.h:21\ndo_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0xcd/0x1e0 arch/x86/entry/syscall_64.c:94\nentry_SYSCALL_64_after_hwframe+0x77/0x7f", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "Red-Hat-7:bpftool-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-38229" } ], "release_date": "2025-07-04T00:00:00", "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red-Hat-7:kernel-tools-libs-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "Red-Hat-7:kernel-debug-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "Red-Hat-7:python-perf-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "Red-Hat-7:perf-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "Red-Hat-7:bpftool-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "Red-Hat-7:kernel-tools-libs-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "Red-Hat-7:kernel-devel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "Red-Hat-7:kernel-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "Red-Hat-7:kernel-debug-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "Red-Hat-7:kernel-headers-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64", "Red-Hat-7:kernel-tools-0:3.10.0-1160.136.1.el7.tuxcare.els24.x86_64" ] } ], "threats": [ { "category": "impact", "details": "High" } ] } ] }