csaf_redhat - rhsa-2025:12753

rhsa-2025:12753

Vulnerability from csaf_redhat

Published

2025-08-04 16:27

Modified

2025-08-20 09:06

Summary

Red Hat Security Advisory: kernel-rt security update

Notes

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CVE-2025-21928) * kernel: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (CVE-2025-22020) * kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CVE-2025-37890) * kernel: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done (CVE-2025-38052) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: ext4: avoid resizing to a partial cluster size (CVE-2022-50020) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CVE-2025-21928)\n\n* kernel: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (CVE-2025-22020)\n\n* kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CVE-2025-37890)\n\n* kernel: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done (CVE-2025-38052)\n\n* kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079)\n\n* kernel: ext4: avoid resizing to a partial cluster size (CVE-2022-50020)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:12753",
        "url": "https://access.redhat.com/errata/RHSA-2025:12753"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2356592",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356592"
      },
      {
        "category": "external",
        "summary": "2360099",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360099"
      },
      {
        "category": "external",
        "summary": "2366848",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366848"
      },
      {
        "category": "external",
        "summary": "2373380",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373380"
      },
      {
        "category": "external",
        "summary": "2373383",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373383"
      },
      {
        "category": "external",
        "summary": "2373630",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373630"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_12753.json"
      }
    ],
    "title": "Red Hat Security Advisory: kernel-rt security update",
    "tracking": {
      "current_release_date": "2025-08-20T09:06:36+00:00",
      "generator": {
        "date": "2025-08-20T09:06:36+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.6"
        }
      },
      "id": "RHSA-2025:12753",
      "initial_release_date": "2025-08-04T16:27:12+00:00",
      "revision_history": [
        {
          "date": "2025-08-04T16:27:12+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-08-04T16:27:12+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-08-20T09:06:36+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux NFV (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux NFV (v. 8)",
                  "product_id": "NFV-8.10.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux RT (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux RT (v. 8)",
                  "product_id": "RT-8.10.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::realtime"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
                "product": {
                  "name": "kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
                  "product_id": "kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@4.18.0-553.66.1.rt7.407.el8_10?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_id": "kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@4.18.0-553.66.1.rt7.407.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_id": "kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-core@4.18.0-553.66.1.rt7.407.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_id": "kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug@4.18.0-553.66.1.rt7.407.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_id": "kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-core@4.18.0-553.66.1.rt7.407.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_id": "kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@4.18.0-553.66.1.rt7.407.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_id": "kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@4.18.0-553.66.1.rt7.407.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_id": "kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-modules@4.18.0-553.66.1.rt7.407.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_id": "kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@4.18.0-553.66.1.rt7.407.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_id": "kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-devel@4.18.0-553.66.1.rt7.407.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_id": "kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-kvm@4.18.0-553.66.1.rt7.407.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_id": "kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-modules@4.18.0-553.66.1.rt7.407.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_id": "kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-modules-extra@4.18.0-553.66.1.rt7.407.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_id": "kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@4.18.0-553.66.1.rt7.407.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_id": "kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@4.18.0-553.66.1.rt7.407.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_id": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@4.18.0-553.66.1.rt7.407.el8_10?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src"
        },
        "product_reference": "kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src"
        },
        "product_reference": "kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-50020",
      "cwe": {
        "id": "CWE-1284",
        "name": "Improper Validation of Specified Quantity in Input"
      },
      "discovery_date": "2025-06-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2373630"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid resizing to a partial cluster size\n\nThis patch avoids an attempt to resize the filesystem to an\nunaligned cluster boundary.  An online resize to a size that is not\nintegral to cluster size results in the last iteration attempting to\ngrow the fs by a negative amount, which trips a BUG_ON and leaves the fs\nwith a corrupted in-memory superblock.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: ext4: avoid resizing to a partial cluster size",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-50020"
        },
        {
          "category": "external",
          "summary": "RHBZ#2373630",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373630"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-50020",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-50020"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-50020",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50020"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2025061835-CVE-2022-50020-6f27@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2025061835-CVE-2022-50020-6f27@gregkh/T"
        }
      ],
      "release_date": "2025-06-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-08-04T16:27:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:12753"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: ext4: avoid resizing to a partial cluster size"
    },
    {
      "cve": "CVE-2025-21928",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2025-04-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2356592"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()\n\nThe system can experience a random crash a few minutes after the driver is\nremoved. This issue occurs due to improper handling of memory freeing in\nthe ishtp_hid_remove() function.\n\nThe function currently frees the `driver_data` directly within the loop\nthat destroys the HID devices, which can lead to accessing freed memory.\nSpecifically, `hid_destroy_device()` uses `driver_data` when it calls\n`hid_ishtp_set_feature()` to power off the sensor, so freeing\n`driver_data` beforehand can result in accessing invalid memory.\n\nThis patch resolves the issue by storing the `driver_data` in a temporary\nvariable before calling `hid_destroy_device()`, and then freeing the\n`driver_data` after the device is destroyed.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-21928"
        },
        {
          "category": "external",
          "summary": "RHBZ#2356592",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356592"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-21928",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-21928"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-21928",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21928"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2025040133-CVE-2025-21928-e444@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2025040133-CVE-2025-21928-e444@gregkh/T"
        }
      ],
      "release_date": "2025-04-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-08-04T16:27:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:12753"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()"
    },
    {
      "cve": "CVE-2025-22020",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2025-04-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2360099"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\nRead of size 8 at addr ffff888136335380 by task kworker/6:0/140241\n\nCPU: 6 UID: 0 PID: 140241 Comm: kworker/6:0 Kdump: loaded Tainted: G            E      6.14.0-rc6+ #1\nTainted: [E]=UNSIGNED_MODULE\nHardware name: LENOVO 30FNA1V7CW/1057, BIOS S0EKT54A 07/01/2024\nWorkqueue: events rtsx_usb_ms_poll_card [rtsx_usb_ms]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x51/0x70\n print_address_description.constprop.0+0x27/0x320\n ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n print_report+0x3e/0x70\n kasan_report+0xab/0xe0\n ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n ? __pfx_rtsx_usb_ms_poll_card+0x10/0x10 [rtsx_usb_ms]\n ? __pfx___schedule+0x10/0x10\n ? kick_pool+0x3b/0x270\n process_one_work+0x357/0x660\n worker_thread+0x390/0x4c0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x190/0x1d0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 161446:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0x7b/0x90\n __kmalloc_noprof+0x1a7/0x470\n memstick_alloc_host+0x1f/0xe0 [memstick]\n rtsx_usb_ms_drv_probe+0x47/0x320 [rtsx_usb_ms]\n platform_probe+0x60/0xe0\n call_driver_probe+0x35/0x120\n really_probe+0x123/0x410\n __driver_probe_device+0xc7/0x1e0\n driver_probe_device+0x49/0xf0\n __device_attach_driver+0xc6/0x160\n bus_for_each_drv+0xe4/0x160\n __device_attach+0x13a/0x2b0\n bus_probe_device+0xbd/0xd0\n device_add+0x4a5/0x760\n platform_device_add+0x189/0x370\n mfd_add_device+0x587/0x5e0\n mfd_add_devices+0xb1/0x130\n rtsx_usb_probe+0x28e/0x2e0 [rtsx_usb]\n usb_probe_interface+0x15c/0x460\n call_driver_probe+0x35/0x120\n really_probe+0x123/0x410\n __driver_probe_device+0xc7/0x1e0\n driver_probe_device+0x49/0xf0\n __device_attach_driver+0xc6/0x160\n bus_for_each_drv+0xe4/0x160\n __device_attach+0x13a/0x2b0\n rebind_marked_interfaces.isra.0+0xcc/0x110\n usb_reset_device+0x352/0x410\n usbdev_do_ioctl+0xe5c/0x1860\n usbdev_ioctl+0xa/0x20\n __x64_sys_ioctl+0xc5/0xf0\n do_syscall_64+0x59/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 161506:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x36/0x60\n __kasan_slab_free+0x34/0x50\n kfree+0x1fd/0x3b0\n device_release+0x56/0xf0\n kobject_cleanup+0x73/0x1c0\n rtsx_usb_ms_drv_remove+0x13d/0x220 [rtsx_usb_ms]\n platform_remove+0x2f/0x50\n device_release_driver_internal+0x24b/0x2e0\n bus_remove_device+0x124/0x1d0\n device_del+0x239/0x530\n platform_device_del.part.0+0x19/0xe0\n platform_device_unregister+0x1c/0x40\n mfd_remove_devices_fn+0x167/0x170\n device_for_each_child_reverse+0xc9/0x130\n mfd_remove_devices+0x6e/0xa0\n rtsx_usb_disconnect+0x2e/0xd0 [rtsx_usb]\n usb_unbind_interface+0xf3/0x3f0\n device_release_driver_internal+0x24b/0x2e0\n proc_disconnect_claim+0x13d/0x220\n usbdev_do_ioctl+0xb5e/0x1860\n usbdev_ioctl+0xa/0x20\n __x64_sys_ioctl+0xc5/0xf0\n do_syscall_64+0x59/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x20/0x40\n kasan_record_aux_stack+0x85/0x90\n insert_work+0x29/0x100\n __queue_work+0x34a/0x540\n call_timer_fn+0x2a/0x160\n expire_timers+0x5f/0x1f0\n __run_timer_base.part.0+0x1b6/0x1e0\n run_timer_softirq+0x8b/0xe0\n handle_softirqs+0xf9/0x360\n __irq_exit_rcu+0x114/0x130\n sysvec_apic_timer_interrupt+0x72/0x90\n asm_sysvec_apic_timer_interrupt+0x16/0x20\n\nSecond to last potentially related work creation:\n kasan_save_stack+0x20/0x40\n kasan_record_aux_stack+0x85/0x90\n insert_work+0x29/0x100\n __queue_work+0x34a/0x540\n call_timer_fn+0x2a/0x160\n expire_timers+0x5f/0x1f0\n __run_timer_base.part.0+0x1b6/0x1e0\n run_timer_softirq+0x8b/0xe0\n handle_softirqs+0xf9/0x\n---truncated---",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-22020"
        },
        {
          "category": "external",
          "summary": "RHBZ#2360099",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360099"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22020",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22020"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22020",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22020"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2025041642-CVE-2025-22020-70e8@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2025041642-CVE-2025-22020-70e8@gregkh/T"
        }
      ],
      "release_date": "2025-04-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-08-04T16:27:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:12753"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove"
    },
    {
      "cve": "CVE-2025-37890",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2025-05-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2366848"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free vulnerability has been identified in the Linux kernel\u0027s HFSC (Hierarchical Fair Service Curve) queuing discipline when it is configured with NETEM (Network Emulation) as a child. This flaw can lead to a kernel panic or crash due to incorrect assumptions about the queue state.\n\nExploitation of this vulnerability requires local access with CAP_NET_ADMIN privileges and control over the qdisc (queueing discipline) setup. A local attacker could leverage this flaw to achieve denial of service or escalate privileges. Given that it affects kernel memory structures, successful exploitation could result in memory corruption, data leaks, or arbitrary write capabilities, leading to a full kernel crash.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "On Red Hat Enterprise Linux 8 and later releases, regular (non-root) users can exploit this issue by abusing unprivileged user namespaces. Red Hat Enterprise Linux 6 and 7 are not affected by this CVE because they did not include the upstream commit that introduced the CVE (37d9cf1).",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-37890"
        },
        {
          "category": "external",
          "summary": "RHBZ#2366848",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366848"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-37890",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-37890",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37890"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2025051617-CVE-2025-37890-437b@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2025051617-CVE-2025-37890-437b@gregkh/T"
        }
      ],
      "release_date": "2025-05-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-08-04T16:27:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:12753"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, prevent module sch_hfsc from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
          "product_ids": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc"
    },
    {
      "cve": "CVE-2025-38052",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2025-06-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2373380"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the Linux kernel\u0027s management of network namespaces. By manipulating the lifecycle of network namespaces, an attacker could exploit this vulnerability to cause a system crash or leak sensitive system memory. Exploitation of this vulnerability requires that a user has access to the system and the ability to create or destroy network namespaces. This typically requires administrative privileges, but could be exposed to an unprivileged user who has control over container lifecycles or a user who has administrative privileges within a container.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A slab-use-after-free vulnerability exists in the TIPC crypto subsystem in the Linux kernel. The bug is triggered when a network namespace is deleted while an asynchronous crypto operation is still pending, resulting in access to freed memory from a delayed worker context. The vulnerability requires local privileges to create and manipulate network namespaces and configure TIPC crypto bearers, which justifies the use of PR:L. Despite this, the impact on system memory and stability is significant due to the asynchronous nature of the cryptographic operation. Although not directly reachable from an unprivileged user context, this issue can be exploited by a local attacker with limited privileges, for example, in a container, to crash the kernel or perform arbitrary memory access via crafted namespace lifecycle manipulation.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-38052"
        },
        {
          "category": "external",
          "summary": "RHBZ#2373380",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373380"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-38052",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38052"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38052",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38052"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2025061832-CVE-2025-38052-6201@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2025061832-CVE-2025-38052-6201@gregkh/T"
        }
      ],
      "release_date": "2025-06-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-08-04T16:27:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:12753"
        },
        {
          "category": "workaround",
          "details": "Mitigation of this issue requires restricting access to the ability to create, modify, or destroy network namespaces. By default, this ability is restricted to privileged users. However, that restriction is only applicable to the host system itself and not to containerized applications. Administrators of container hosts should ensure that only trusted accounts can run containers.",
          "product_ids": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kernel: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done"
    },
    {
      "cve": "CVE-2025-38079",
      "cwe": {
        "id": "CWE-415",
        "name": "Double Free"
      },
      "discovery_date": "2025-06-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2373383"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_hash - fix double free in hash_accept\n\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: crypto: algif_hash - fix double free in hash_accept",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-38079"
        },
        {
          "category": "external",
          "summary": "RHBZ#2373383",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373383"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-38079",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38079"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38079",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38079"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2025061841-CVE-2025-38079-7fa5@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2025061841-CVE-2025-38079-7fa5@gregkh/T"
        }
      ],
      "release_date": "2025-06-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-08-04T16:27:12+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:12753"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.66.1.rt7.407.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: crypto: algif_hash - fix double free in hash_accept"
    }
  ]
}

CVE-2025-38052 (GCVE-0-2025-38052)

Vulnerability from cvelistv5

Published

2025-06-18 09:33

Modified

2025-06-18 09:33

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done Syzbot reported a slab-use-after-free with the following call trace: ================================================================== BUG: KASAN: slab-use-after-free in tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840 Read of size 8 at addr ffff88807a733000 by task kworker/1:0/25 Call Trace: kasan_report+0xd9/0x110 mm/kasan/report.c:601 tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840 crypto_request_complete include/crypto/algapi.h:266 aead_request_complete include/crypto/internal/aead.h:85 cryptd_aead_crypt+0x3b8/0x750 crypto/cryptd.c:772 crypto_request_complete include/crypto/algapi.h:266 cryptd_queue_worker+0x131/0x200 crypto/cryptd.c:181 process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231 Allocated by task 8355: kzalloc_noprof include/linux/slab.h:778 tipc_crypto_start+0xcc/0x9e0 net/tipc/crypto.c:1466 tipc_init_net+0x2dd/0x430 net/tipc/core.c:72 ops_init+0xb9/0x650 net/core/net_namespace.c:139 setup_net+0x435/0xb40 net/core/net_namespace.c:343 copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508 create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:228 ksys_unshare+0x419/0x970 kernel/fork.c:3323 __do_sys_unshare kernel/fork.c:3394 Freed by task 63: kfree+0x12a/0x3b0 mm/slub.c:4557 tipc_crypto_stop+0x23c/0x500 net/tipc/crypto.c:1539 tipc_exit_net+0x8c/0x110 net/tipc/core.c:119 ops_exit_list+0xb0/0x180 net/core/net_namespace.c:173 cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640 process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231 After freed the tipc_crypto tx by delete namespace, tipc_aead_encrypt_done may still visit it in cryptd_queue_worker workqueue. I reproduce this issue by: ip netns add ns1 ip link add veth1 type veth peer name veth2 ip link set veth1 netns ns1 ip netns exec ns1 tipc bearer enable media eth dev veth1 ip netns exec ns1 tipc node set key this_is_a_master_key master ip netns exec ns1 tipc bearer disable media eth dev veth1 ip netns del ns1 The key of reproduction is that, simd_aead_encrypt is interrupted, leading to crypto_simd_usable() return false. Thus, the cryptd_queue_worker is triggered, and the tipc_crypto tx will be visited. tipc_disc_timeout tipc_bearer_xmit_skb tipc_crypto_xmit tipc_aead_encrypt crypto_aead_encrypt // encrypt() simd_aead_encrypt // crypto_simd_usable() is false child = &ctx->cryptd_tfm->base; simd_aead_encrypt crypto_aead_encrypt // encrypt() cryptd_aead_encrypt_enqueue cryptd_aead_enqueue cryptd_enqueue_request // trigger cryptd_queue_worker queue_work_on(smp_processor_id(), cryptd_wq, &cpu_queue->work) Fix this by holding net reference count before encrypt.

References

►

URL

Tags

	https://git.kernel.org/stable/c/d42ed4de6aba232d946d20653a70f79158a6535b
	https://git.kernel.org/stable/c/f5c2c4eaaa5a8e7e0685ec031d480e588e263e59
	https://git.kernel.org/stable/c/b8fcae6d2e93c54cacb8f579a77d827c1c643eb5
	https://git.kernel.org/stable/c/b19fc1d0be3c3397e5968fe2627f22e7f84673b1
	https://git.kernel.org/stable/c/689a205cd968a1572ab561b0c4c2d50a10e9d3b0
	https://git.kernel.org/stable/c/4a0fddc2c0d5c28aec8c262ad4603be0bef1938c
	https://git.kernel.org/stable/c/e279024617134c94fd3e37470156534d5f2b3472

Impacted products

Vendor

Product

Version

►

Linux

Version: fc1b6d6de2208774efd2a20bf0daddb02d18b1e0
Version: fc1b6d6de2208774efd2a20bf0daddb02d18b1e0
Version: fc1b6d6de2208774efd2a20bf0daddb02d18b1e0
Version: fc1b6d6de2208774efd2a20bf0daddb02d18b1e0
Version: fc1b6d6de2208774efd2a20bf0daddb02d18b1e0
Version: fc1b6d6de2208774efd2a20bf0daddb02d18b1e0
Version: fc1b6d6de2208774efd2a20bf0daddb02d18b1e0

Linux

Version: 5.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/crypto.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d42ed4de6aba232d946d20653a70f79158a6535b",
              "status": "affected",
              "version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
              "versionType": "git"
            },
            {
              "lessThan": "f5c2c4eaaa5a8e7e0685ec031d480e588e263e59",
              "status": "affected",
              "version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
              "versionType": "git"
            },
            {
              "lessThan": "b8fcae6d2e93c54cacb8f579a77d827c1c643eb5",
              "status": "affected",
              "version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
              "versionType": "git"
            },
            {
              "lessThan": "b19fc1d0be3c3397e5968fe2627f22e7f84673b1",
              "status": "affected",
              "version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
              "versionType": "git"
            },
            {
              "lessThan": "689a205cd968a1572ab561b0c4c2d50a10e9d3b0",
              "status": "affected",
              "version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
              "versionType": "git"
            },
            {
              "lessThan": "4a0fddc2c0d5c28aec8c262ad4603be0bef1938c",
              "status": "affected",
              "version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
              "versionType": "git"
            },
            {
              "lessThan": "e279024617134c94fd3e37470156534d5f2b3472",
              "status": "affected",
              "version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/crypto.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.238",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.185",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.141",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.238",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.185",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.141",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.93",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.31",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.9",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done\n\nSyzbot reported a slab-use-after-free with the following call trace:\n\n  ==================================================================\n  BUG: KASAN: slab-use-after-free in tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n  Read of size 8 at addr ffff88807a733000 by task kworker/1:0/25\n\n  Call Trace:\n   kasan_report+0xd9/0x110 mm/kasan/report.c:601\n   tipc_aead_encrypt_done+0x4bd/0x510 net/tipc/crypto.c:840\n   crypto_request_complete include/crypto/algapi.h:266\n   aead_request_complete include/crypto/internal/aead.h:85\n   cryptd_aead_crypt+0x3b8/0x750 crypto/cryptd.c:772\n   crypto_request_complete include/crypto/algapi.h:266\n   cryptd_queue_worker+0x131/0x200 crypto/cryptd.c:181\n   process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\n  Allocated by task 8355:\n   kzalloc_noprof include/linux/slab.h:778\n   tipc_crypto_start+0xcc/0x9e0 net/tipc/crypto.c:1466\n   tipc_init_net+0x2dd/0x430 net/tipc/core.c:72\n   ops_init+0xb9/0x650 net/core/net_namespace.c:139\n   setup_net+0x435/0xb40 net/core/net_namespace.c:343\n   copy_net_ns+0x2f0/0x670 net/core/net_namespace.c:508\n   create_new_namespaces+0x3ea/0xb10 kernel/nsproxy.c:110\n   unshare_nsproxy_namespaces+0xc0/0x1f0 kernel/nsproxy.c:228\n   ksys_unshare+0x419/0x970 kernel/fork.c:3323\n   __do_sys_unshare kernel/fork.c:3394\n\n  Freed by task 63:\n   kfree+0x12a/0x3b0 mm/slub.c:4557\n   tipc_crypto_stop+0x23c/0x500 net/tipc/crypto.c:1539\n   tipc_exit_net+0x8c/0x110 net/tipc/core.c:119\n   ops_exit_list+0xb0/0x180 net/core/net_namespace.c:173\n   cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n   process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n\nAfter freed the tipc_crypto tx by delete namespace, tipc_aead_encrypt_done\nmay still visit it in cryptd_queue_worker workqueue.\n\nI reproduce this issue by:\n  ip netns add ns1\n  ip link add veth1 type veth peer name veth2\n  ip link set veth1 netns ns1\n  ip netns exec ns1 tipc bearer enable media eth dev veth1\n  ip netns exec ns1 tipc node set key this_is_a_master_key master\n  ip netns exec ns1 tipc bearer disable media eth dev veth1\n  ip netns del ns1\n\nThe key of reproduction is that, simd_aead_encrypt is interrupted, leading\nto crypto_simd_usable() return false. Thus, the cryptd_queue_worker is\ntriggered, and the tipc_crypto tx will be visited.\n\n  tipc_disc_timeout\n    tipc_bearer_xmit_skb\n      tipc_crypto_xmit\n        tipc_aead_encrypt\n          crypto_aead_encrypt\n            // encrypt()\n            simd_aead_encrypt\n              // crypto_simd_usable() is false\n              child = \u0026ctx-\u003ecryptd_tfm-\u003ebase;\n\n  simd_aead_encrypt\n    crypto_aead_encrypt\n      // encrypt()\n      cryptd_aead_encrypt_enqueue\n        cryptd_aead_enqueue\n          cryptd_enqueue_request\n            // trigger cryptd_queue_worker\n            queue_work_on(smp_processor_id(), cryptd_wq, \u0026cpu_queue-\u003ework)\n\nFix this by holding net reference count before encrypt."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-18T09:33:33.427Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d42ed4de6aba232d946d20653a70f79158a6535b"
        },
        {
          "url": "https://git.kernel.org/stable/c/f5c2c4eaaa5a8e7e0685ec031d480e588e263e59"
        },
        {
          "url": "https://git.kernel.org/stable/c/b8fcae6d2e93c54cacb8f579a77d827c1c643eb5"
        },
        {
          "url": "https://git.kernel.org/stable/c/b19fc1d0be3c3397e5968fe2627f22e7f84673b1"
        },
        {
          "url": "https://git.kernel.org/stable/c/689a205cd968a1572ab561b0c4c2d50a10e9d3b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/4a0fddc2c0d5c28aec8c262ad4603be0bef1938c"
        },
        {
          "url": "https://git.kernel.org/stable/c/e279024617134c94fd3e37470156534d5f2b3472"
        }
      ],
      "title": "net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38052",
    "datePublished": "2025-06-18T09:33:33.427Z",
    "dateReserved": "2025-04-16T04:51:23.979Z",
    "dateUpdated": "2025-06-18T09:33:33.427Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-21928 (GCVE-0-2025-21928)

Vulnerability from cvelistv5

Published

2025-04-01 15:40

Modified

2025-05-04 07:24

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() The system can experience a random crash a few minutes after the driver is removed. This issue occurs due to improper handling of memory freeing in the ishtp_hid_remove() function. The function currently frees the `driver_data` directly within the loop that destroys the HID devices, which can lead to accessing freed memory. Specifically, `hid_destroy_device()` uses `driver_data` when it calls `hid_ishtp_set_feature()` to power off the sensor, so freeing `driver_data` beforehand can result in accessing invalid memory. This patch resolves the issue by storing the `driver_data` in a temporary variable before calling `hid_destroy_device()`, and then freeing the `driver_data` after the device is destroyed.

References

►

URL

Tags

	https://git.kernel.org/stable/c/0c1fb475ef999d6c22fc3f963fdf20cb3ed1b03d
	https://git.kernel.org/stable/c/d3faae7f42181865c799d88c5054176f38ae4625
	https://git.kernel.org/stable/c/01b18a330cda61cc21423a7d1af92cf31ded8f60
	https://git.kernel.org/stable/c/cf1a6015d2f6b1f0afaa0fd6a0124ff2c7943394
	https://git.kernel.org/stable/c/560f4d1299342504a6ab8a47f575b5e6b8345ada
	https://git.kernel.org/stable/c/dea6a349bcaf243fff95dfd0428a26be6a0fb44e
	https://git.kernel.org/stable/c/eb0695d87a81e7c1f0509b7d8ee7c65fbc26aec9
	https://git.kernel.org/stable/c/07583a0010696a17fb0942e0b499a62785c5fc9f

Impacted products

Vendor

Product

Version

►

Linux

Version: 0b28cb4bcb17dcb5fe0763fc3e1a94398b8f6cf6
Version: 0b28cb4bcb17dcb5fe0763fc3e1a94398b8f6cf6
Version: 0b28cb4bcb17dcb5fe0763fc3e1a94398b8f6cf6
Version: 0b28cb4bcb17dcb5fe0763fc3e1a94398b8f6cf6
Version: 0b28cb4bcb17dcb5fe0763fc3e1a94398b8f6cf6
Version: 0b28cb4bcb17dcb5fe0763fc3e1a94398b8f6cf6
Version: 0b28cb4bcb17dcb5fe0763fc3e1a94398b8f6cf6
Version: 0b28cb4bcb17dcb5fe0763fc3e1a94398b8f6cf6

Linux

Version: 4.9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21928",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T13:15:05.405186Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T13:19:52.863Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/intel-ish-hid/ishtp-hid.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0c1fb475ef999d6c22fc3f963fdf20cb3ed1b03d",
              "status": "affected",
              "version": "0b28cb4bcb17dcb5fe0763fc3e1a94398b8f6cf6",
              "versionType": "git"
            },
            {
              "lessThan": "d3faae7f42181865c799d88c5054176f38ae4625",
              "status": "affected",
              "version": "0b28cb4bcb17dcb5fe0763fc3e1a94398b8f6cf6",
              "versionType": "git"
            },
            {
              "lessThan": "01b18a330cda61cc21423a7d1af92cf31ded8f60",
              "status": "affected",
              "version": "0b28cb4bcb17dcb5fe0763fc3e1a94398b8f6cf6",
              "versionType": "git"
            },
            {
              "lessThan": "cf1a6015d2f6b1f0afaa0fd6a0124ff2c7943394",
              "status": "affected",
              "version": "0b28cb4bcb17dcb5fe0763fc3e1a94398b8f6cf6",
              "versionType": "git"
            },
            {
              "lessThan": "560f4d1299342504a6ab8a47f575b5e6b8345ada",
              "status": "affected",
              "version": "0b28cb4bcb17dcb5fe0763fc3e1a94398b8f6cf6",
              "versionType": "git"
            },
            {
              "lessThan": "dea6a349bcaf243fff95dfd0428a26be6a0fb44e",
              "status": "affected",
              "version": "0b28cb4bcb17dcb5fe0763fc3e1a94398b8f6cf6",
              "versionType": "git"
            },
            {
              "lessThan": "eb0695d87a81e7c1f0509b7d8ee7c65fbc26aec9",
              "status": "affected",
              "version": "0b28cb4bcb17dcb5fe0763fc3e1a94398b8f6cf6",
              "versionType": "git"
            },
            {
              "lessThan": "07583a0010696a17fb0942e0b499a62785c5fc9f",
              "status": "affected",
              "version": "0b28cb4bcb17dcb5fe0763fc3e1a94398b8f6cf6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/intel-ish-hid/ishtp-hid.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.9"
            },
            {
              "lessThan": "4.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.291",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.179",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.131",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.291",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.235",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.179",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.131",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.83",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.19",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.7",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()\n\nThe system can experience a random crash a few minutes after the driver is\nremoved. This issue occurs due to improper handling of memory freeing in\nthe ishtp_hid_remove() function.\n\nThe function currently frees the `driver_data` directly within the loop\nthat destroys the HID devices, which can lead to accessing freed memory.\nSpecifically, `hid_destroy_device()` uses `driver_data` when it calls\n`hid_ishtp_set_feature()` to power off the sensor, so freeing\n`driver_data` beforehand can result in accessing invalid memory.\n\nThis patch resolves the issue by storing the `driver_data` in a temporary\nvariable before calling `hid_destroy_device()`, and then freeing the\n`driver_data` after the device is destroyed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:24:45.899Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0c1fb475ef999d6c22fc3f963fdf20cb3ed1b03d"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3faae7f42181865c799d88c5054176f38ae4625"
        },
        {
          "url": "https://git.kernel.org/stable/c/01b18a330cda61cc21423a7d1af92cf31ded8f60"
        },
        {
          "url": "https://git.kernel.org/stable/c/cf1a6015d2f6b1f0afaa0fd6a0124ff2c7943394"
        },
        {
          "url": "https://git.kernel.org/stable/c/560f4d1299342504a6ab8a47f575b5e6b8345ada"
        },
        {
          "url": "https://git.kernel.org/stable/c/dea6a349bcaf243fff95dfd0428a26be6a0fb44e"
        },
        {
          "url": "https://git.kernel.org/stable/c/eb0695d87a81e7c1f0509b7d8ee7c65fbc26aec9"
        },
        {
          "url": "https://git.kernel.org/stable/c/07583a0010696a17fb0942e0b499a62785c5fc9f"
        }
      ],
      "title": "HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21928",
    "datePublished": "2025-04-01T15:40:59.033Z",
    "dateReserved": "2024-12-29T08:45:45.788Z",
    "dateUpdated": "2025-05-04T07:24:45.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-50020 (GCVE-0-2022-50020)

Vulnerability from cvelistv5

Published

2025-06-18 11:01

Modified

2025-06-18 11:01

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid resizing to a partial cluster size This patch avoids an attempt to resize the filesystem to an unaligned cluster boundary. An online resize to a size that is not integral to cluster size results in the last iteration attempting to grow the fs by a negative amount, which trips a BUG_ON and leaves the fs with a corrupted in-memory superblock.

References

►

URL

Tags

	https://git.kernel.org/stable/c/53f62a4201be1cfc1e3c971e566888b182c3ffb0
	https://git.kernel.org/stable/c/952b3dc02baaae6a69c71c0aca23e06741182d9a
	https://git.kernel.org/stable/c/7bdfb01fc5f6b3696728aeb527c50386e0ee09a1
	https://git.kernel.org/stable/c/a6805b3dcf5cd41f2ae3a03dca43411135b99849
	https://git.kernel.org/stable/c/80288883294c5b4ed18bae0d8bd9c4a12f297074
	https://git.kernel.org/stable/c/72b850a2a996f72541172e7cf686d54a2b29bcd8
	https://git.kernel.org/stable/c/0082e99a9074ff88eff729c70c93454c8588d8e1
	https://git.kernel.org/stable/c/69cb8e9d8cd97cdf5e293b26d70a9dee3e35e6bd

Impacted products

Vendor

Product

Version

►

Linux

Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/resize.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "53f62a4201be1cfc1e3c971e566888b182c3ffb0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "952b3dc02baaae6a69c71c0aca23e06741182d9a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "7bdfb01fc5f6b3696728aeb527c50386e0ee09a1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a6805b3dcf5cd41f2ae3a03dca43411135b99849",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "80288883294c5b4ed18bae0d8bd9c4a12f297074",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "72b850a2a996f72541172e7cf686d54a2b29bcd8",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "0082e99a9074ff88eff729c70c93454c8588d8e1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "69cb8e9d8cd97cdf5e293b26d70a9dee3e35e6bd",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/resize.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.326",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.291",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.256",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.211",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.138",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.63",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.19.*",
              "status": "unaffected",
              "version": "5.19.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.0",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.326",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.291",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.256",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.211",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.138",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.63",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.19.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid resizing to a partial cluster size\n\nThis patch avoids an attempt to resize the filesystem to an\nunaligned cluster boundary.  An online resize to a size that is not\nintegral to cluster size results in the last iteration attempting to\ngrow the fs by a negative amount, which trips a BUG_ON and leaves the fs\nwith a corrupted in-memory superblock."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-18T11:01:24.227Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/53f62a4201be1cfc1e3c971e566888b182c3ffb0"
        },
        {
          "url": "https://git.kernel.org/stable/c/952b3dc02baaae6a69c71c0aca23e06741182d9a"
        },
        {
          "url": "https://git.kernel.org/stable/c/7bdfb01fc5f6b3696728aeb527c50386e0ee09a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/a6805b3dcf5cd41f2ae3a03dca43411135b99849"
        },
        {
          "url": "https://git.kernel.org/stable/c/80288883294c5b4ed18bae0d8bd9c4a12f297074"
        },
        {
          "url": "https://git.kernel.org/stable/c/72b850a2a996f72541172e7cf686d54a2b29bcd8"
        },
        {
          "url": "https://git.kernel.org/stable/c/0082e99a9074ff88eff729c70c93454c8588d8e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/69cb8e9d8cd97cdf5e293b26d70a9dee3e35e6bd"
        }
      ],
      "title": "ext4: avoid resizing to a partial cluster size",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-50020",
    "datePublished": "2025-06-18T11:01:24.227Z",
    "dateReserved": "2025-06-18T10:57:27.393Z",
    "dateUpdated": "2025-06-18T11:01:24.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-22020 (GCVE-0-2025-22020)

Vulnerability from cvelistv5

Published

2025-04-16 10:20

Modified

2025-05-26 05:16

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms] Read of size 8 at addr ffff888136335380 by task kworker/6:0/140241 CPU: 6 UID: 0 PID: 140241 Comm: kworker/6:0 Kdump: loaded Tainted: G E 6.14.0-rc6+ #1 Tainted: [E]=UNSIGNED_MODULE Hardware name: LENOVO 30FNA1V7CW/1057, BIOS S0EKT54A 07/01/2024 Workqueue: events rtsx_usb_ms_poll_card [rtsx_usb_ms] Call Trace: <TASK> dump_stack_lvl+0x51/0x70 print_address_description.constprop.0+0x27/0x320 ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms] print_report+0x3e/0x70 kasan_report+0xab/0xe0 ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms] rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms] ? __pfx_rtsx_usb_ms_poll_card+0x10/0x10 [rtsx_usb_ms] ? __pfx___schedule+0x10/0x10 ? kick_pool+0x3b/0x270 process_one_work+0x357/0x660 worker_thread+0x390/0x4c0 ? __pfx_worker_thread+0x10/0x10 kthread+0x190/0x1d0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2d/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 161446: kasan_save_stack+0x20/0x40 kasan_save_track+0x10/0x30 __kasan_kmalloc+0x7b/0x90 __kmalloc_noprof+0x1a7/0x470 memstick_alloc_host+0x1f/0xe0 [memstick] rtsx_usb_ms_drv_probe+0x47/0x320 [rtsx_usb_ms] platform_probe+0x60/0xe0 call_driver_probe+0x35/0x120 really_probe+0x123/0x410 __driver_probe_device+0xc7/0x1e0 driver_probe_device+0x49/0xf0 __device_attach_driver+0xc6/0x160 bus_for_each_drv+0xe4/0x160 __device_attach+0x13a/0x2b0 bus_probe_device+0xbd/0xd0 device_add+0x4a5/0x760 platform_device_add+0x189/0x370 mfd_add_device+0x587/0x5e0 mfd_add_devices+0xb1/0x130 rtsx_usb_probe+0x28e/0x2e0 [rtsx_usb] usb_probe_interface+0x15c/0x460 call_driver_probe+0x35/0x120 really_probe+0x123/0x410 __driver_probe_device+0xc7/0x1e0 driver_probe_device+0x49/0xf0 __device_attach_driver+0xc6/0x160 bus_for_each_drv+0xe4/0x160 __device_attach+0x13a/0x2b0 rebind_marked_interfaces.isra.0+0xcc/0x110 usb_reset_device+0x352/0x410 usbdev_do_ioctl+0xe5c/0x1860 usbdev_ioctl+0xa/0x20 __x64_sys_ioctl+0xc5/0xf0 do_syscall_64+0x59/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 161506: kasan_save_stack+0x20/0x40 kasan_save_track+0x10/0x30 kasan_save_free_info+0x36/0x60 __kasan_slab_free+0x34/0x50 kfree+0x1fd/0x3b0 device_release+0x56/0xf0 kobject_cleanup+0x73/0x1c0 rtsx_usb_ms_drv_remove+0x13d/0x220 [rtsx_usb_ms] platform_remove+0x2f/0x50 device_release_driver_internal+0x24b/0x2e0 bus_remove_device+0x124/0x1d0 device_del+0x239/0x530 platform_device_del.part.0+0x19/0xe0 platform_device_unregister+0x1c/0x40 mfd_remove_devices_fn+0x167/0x170 device_for_each_child_reverse+0xc9/0x130 mfd_remove_devices+0x6e/0xa0 rtsx_usb_disconnect+0x2e/0xd0 [rtsx_usb] usb_unbind_interface+0xf3/0x3f0 device_release_driver_internal+0x24b/0x2e0 proc_disconnect_claim+0x13d/0x220 usbdev_do_ioctl+0xb5e/0x1860 usbdev_ioctl+0xa/0x20 __x64_sys_ioctl+0xc5/0xf0 do_syscall_64+0x59/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e Last potentially related work creation: kasan_save_stack+0x20/0x40 kasan_record_aux_stack+0x85/0x90 insert_work+0x29/0x100 __queue_work+0x34a/0x540 call_timer_fn+0x2a/0x160 expire_timers+0x5f/0x1f0 __run_timer_base.part.0+0x1b6/0x1e0 run_timer_softirq+0x8b/0xe0 handle_softirqs+0xf9/0x360 __irq_exit_rcu+0x114/0x130 sysvec_apic_timer_interrupt+0x72/0x90 asm_sysvec_apic_timer_interrupt+0x16/0x20 Second to last potentially related work creation: kasan_save_stack+0x20/0x40 kasan_record_aux_stack+0x85/0x90 insert_work+0x29/0x100 __queue_work+0x34a/0x540 call_timer_fn+0x2a/0x160 expire_timers+0x5f/0x1f0 __run_timer_base.part.0+0x1b6/0x1e0 run_timer_softirq+0x8b/0xe0 handle_softirqs+0xf9/0x ---truncated---

References

►

URL

Tags

	https://git.kernel.org/stable/c/914c5e5bfceb9878f3056eaf4d1c88f2cbe0a185
	https://git.kernel.org/stable/c/9dfaf4d723c62bda8d9d1340e2e78acf0c190439
	https://git.kernel.org/stable/c/31f0eaed6914333f42501fc7e0f6830879f5ef2d
	https://git.kernel.org/stable/c/52d942a5302eefb3b7a3bfee310a5a33feeedc21
	https://git.kernel.org/stable/c/6186fb2cd36317277a8423687982140a7f3f7841
	https://git.kernel.org/stable/c/b094e8e3988e02e8cef7a756c8d2cea9c12509ab
	https://git.kernel.org/stable/c/0067cb7d7e7c277e91a0887a3c24e71462379469
	https://git.kernel.org/stable/c/75123adf204f997e11bbddee48408c284f51c050
	https://git.kernel.org/stable/c/4676741a3464b300b486e70585c3c9b692be1632

Impacted products

Vendor

Product

Version

►

Linux

Version: 6827ca573c03385439fdfc8b512d556dc7c54fc9
Version: 6827ca573c03385439fdfc8b512d556dc7c54fc9
Version: 6827ca573c03385439fdfc8b512d556dc7c54fc9
Version: 6827ca573c03385439fdfc8b512d556dc7c54fc9
Version: 6827ca573c03385439fdfc8b512d556dc7c54fc9
Version: 6827ca573c03385439fdfc8b512d556dc7c54fc9
Version: 6827ca573c03385439fdfc8b512d556dc7c54fc9
Version: 6827ca573c03385439fdfc8b512d556dc7c54fc9
Version: 6827ca573c03385439fdfc8b512d556dc7c54fc9

Linux

Version: 5.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/memstick/host/rtsx_usb_ms.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "914c5e5bfceb9878f3056eaf4d1c88f2cbe0a185",
              "status": "affected",
              "version": "6827ca573c03385439fdfc8b512d556dc7c54fc9",
              "versionType": "git"
            },
            {
              "lessThan": "9dfaf4d723c62bda8d9d1340e2e78acf0c190439",
              "status": "affected",
              "version": "6827ca573c03385439fdfc8b512d556dc7c54fc9",
              "versionType": "git"
            },
            {
              "lessThan": "31f0eaed6914333f42501fc7e0f6830879f5ef2d",
              "status": "affected",
              "version": "6827ca573c03385439fdfc8b512d556dc7c54fc9",
              "versionType": "git"
            },
            {
              "lessThan": "52d942a5302eefb3b7a3bfee310a5a33feeedc21",
              "status": "affected",
              "version": "6827ca573c03385439fdfc8b512d556dc7c54fc9",
              "versionType": "git"
            },
            {
              "lessThan": "6186fb2cd36317277a8423687982140a7f3f7841",
              "status": "affected",
              "version": "6827ca573c03385439fdfc8b512d556dc7c54fc9",
              "versionType": "git"
            },
            {
              "lessThan": "b094e8e3988e02e8cef7a756c8d2cea9c12509ab",
              "status": "affected",
              "version": "6827ca573c03385439fdfc8b512d556dc7c54fc9",
              "versionType": "git"
            },
            {
              "lessThan": "0067cb7d7e7c277e91a0887a3c24e71462379469",
              "status": "affected",
              "version": "6827ca573c03385439fdfc8b512d556dc7c54fc9",
              "versionType": "git"
            },
            {
              "lessThan": "75123adf204f997e11bbddee48408c284f51c050",
              "status": "affected",
              "version": "6827ca573c03385439fdfc8b512d556dc7c54fc9",
              "versionType": "git"
            },
            {
              "lessThan": "4676741a3464b300b486e70585c3c9b692be1632",
              "status": "affected",
              "version": "6827ca573c03385439fdfc8b512d556dc7c54fc9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/memstick/host/rtsx_usb_ms.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.292",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.236",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.180",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.133",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.22",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.292",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.236",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.180",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.133",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.86",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.22",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.10",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.1",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove\n\nThis fixes the following crash:\n\n==================================================================\nBUG: KASAN: slab-use-after-free in rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\nRead of size 8 at addr ffff888136335380 by task kworker/6:0/140241\n\nCPU: 6 UID: 0 PID: 140241 Comm: kworker/6:0 Kdump: loaded Tainted: G            E      6.14.0-rc6+ #1\nTainted: [E]=UNSIGNED_MODULE\nHardware name: LENOVO 30FNA1V7CW/1057, BIOS S0EKT54A 07/01/2024\nWorkqueue: events rtsx_usb_ms_poll_card [rtsx_usb_ms]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x51/0x70\n print_address_description.constprop.0+0x27/0x320\n ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n print_report+0x3e/0x70\n kasan_report+0xab/0xe0\n ? rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n rtsx_usb_ms_poll_card+0x159/0x200 [rtsx_usb_ms]\n ? __pfx_rtsx_usb_ms_poll_card+0x10/0x10 [rtsx_usb_ms]\n ? __pfx___schedule+0x10/0x10\n ? kick_pool+0x3b/0x270\n process_one_work+0x357/0x660\n worker_thread+0x390/0x4c0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x190/0x1d0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2d/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 161446:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0x7b/0x90\n __kmalloc_noprof+0x1a7/0x470\n memstick_alloc_host+0x1f/0xe0 [memstick]\n rtsx_usb_ms_drv_probe+0x47/0x320 [rtsx_usb_ms]\n platform_probe+0x60/0xe0\n call_driver_probe+0x35/0x120\n really_probe+0x123/0x410\n __driver_probe_device+0xc7/0x1e0\n driver_probe_device+0x49/0xf0\n __device_attach_driver+0xc6/0x160\n bus_for_each_drv+0xe4/0x160\n __device_attach+0x13a/0x2b0\n bus_probe_device+0xbd/0xd0\n device_add+0x4a5/0x760\n platform_device_add+0x189/0x370\n mfd_add_device+0x587/0x5e0\n mfd_add_devices+0xb1/0x130\n rtsx_usb_probe+0x28e/0x2e0 [rtsx_usb]\n usb_probe_interface+0x15c/0x460\n call_driver_probe+0x35/0x120\n really_probe+0x123/0x410\n __driver_probe_device+0xc7/0x1e0\n driver_probe_device+0x49/0xf0\n __device_attach_driver+0xc6/0x160\n bus_for_each_drv+0xe4/0x160\n __device_attach+0x13a/0x2b0\n rebind_marked_interfaces.isra.0+0xcc/0x110\n usb_reset_device+0x352/0x410\n usbdev_do_ioctl+0xe5c/0x1860\n usbdev_ioctl+0xa/0x20\n __x64_sys_ioctl+0xc5/0xf0\n do_syscall_64+0x59/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFreed by task 161506:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x36/0x60\n __kasan_slab_free+0x34/0x50\n kfree+0x1fd/0x3b0\n device_release+0x56/0xf0\n kobject_cleanup+0x73/0x1c0\n rtsx_usb_ms_drv_remove+0x13d/0x220 [rtsx_usb_ms]\n platform_remove+0x2f/0x50\n device_release_driver_internal+0x24b/0x2e0\n bus_remove_device+0x124/0x1d0\n device_del+0x239/0x530\n platform_device_del.part.0+0x19/0xe0\n platform_device_unregister+0x1c/0x40\n mfd_remove_devices_fn+0x167/0x170\n device_for_each_child_reverse+0xc9/0x130\n mfd_remove_devices+0x6e/0xa0\n rtsx_usb_disconnect+0x2e/0xd0 [rtsx_usb]\n usb_unbind_interface+0xf3/0x3f0\n device_release_driver_internal+0x24b/0x2e0\n proc_disconnect_claim+0x13d/0x220\n usbdev_do_ioctl+0xb5e/0x1860\n usbdev_ioctl+0xa/0x20\n __x64_sys_ioctl+0xc5/0xf0\n do_syscall_64+0x59/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nLast potentially related work creation:\n kasan_save_stack+0x20/0x40\n kasan_record_aux_stack+0x85/0x90\n insert_work+0x29/0x100\n __queue_work+0x34a/0x540\n call_timer_fn+0x2a/0x160\n expire_timers+0x5f/0x1f0\n __run_timer_base.part.0+0x1b6/0x1e0\n run_timer_softirq+0x8b/0xe0\n handle_softirqs+0xf9/0x360\n __irq_exit_rcu+0x114/0x130\n sysvec_apic_timer_interrupt+0x72/0x90\n asm_sysvec_apic_timer_interrupt+0x16/0x20\n\nSecond to last potentially related work creation:\n kasan_save_stack+0x20/0x40\n kasan_record_aux_stack+0x85/0x90\n insert_work+0x29/0x100\n __queue_work+0x34a/0x540\n call_timer_fn+0x2a/0x160\n expire_timers+0x5f/0x1f0\n __run_timer_base.part.0+0x1b6/0x1e0\n run_timer_softirq+0x8b/0xe0\n handle_softirqs+0xf9/0x\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-26T05:16:43.813Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/914c5e5bfceb9878f3056eaf4d1c88f2cbe0a185"
        },
        {
          "url": "https://git.kernel.org/stable/c/9dfaf4d723c62bda8d9d1340e2e78acf0c190439"
        },
        {
          "url": "https://git.kernel.org/stable/c/31f0eaed6914333f42501fc7e0f6830879f5ef2d"
        },
        {
          "url": "https://git.kernel.org/stable/c/52d942a5302eefb3b7a3bfee310a5a33feeedc21"
        },
        {
          "url": "https://git.kernel.org/stable/c/6186fb2cd36317277a8423687982140a7f3f7841"
        },
        {
          "url": "https://git.kernel.org/stable/c/b094e8e3988e02e8cef7a756c8d2cea9c12509ab"
        },
        {
          "url": "https://git.kernel.org/stable/c/0067cb7d7e7c277e91a0887a3c24e71462379469"
        },
        {
          "url": "https://git.kernel.org/stable/c/75123adf204f997e11bbddee48408c284f51c050"
        },
        {
          "url": "https://git.kernel.org/stable/c/4676741a3464b300b486e70585c3c9b692be1632"
        }
      ],
      "title": "memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-22020",
    "datePublished": "2025-04-16T10:20:37.045Z",
    "dateReserved": "2024-12-29T08:45:45.807Z",
    "dateUpdated": "2025-05-26T05:16:43.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-38079 (GCVE-0-2025-38079)

Vulnerability from cvelistv5

Published

2025-06-18 09:33

Modified

2025-06-18 09:33

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_release, leading to slab-use-after-free error.

References

►

URL

Tags

	https://git.kernel.org/stable/c/5bff312b59b3f2a54ff504e4f4e47272b64f3633
	https://git.kernel.org/stable/c/bf7bba75b91539e93615f560893a599c1e1c98bf
	https://git.kernel.org/stable/c/c3059d58f79fdfb2201249c2741514e34562b547
	https://git.kernel.org/stable/c/f0f3d09f53534ea385d55ced408f2b67059b16e4
	https://git.kernel.org/stable/c/134daaba93193df9e988524b5cd2f52d15eb1993
	https://git.kernel.org/stable/c/2f45a8d64fb4ed4830a4b3273834ecd6ca504896
	https://git.kernel.org/stable/c/0346f4b742345d1c733c977f3a7aef5a6419a967
	https://git.kernel.org/stable/c/b2df03ed4052e97126267e8c13ad4204ea6ba9b6

Impacted products

Vendor

Product

Version

►

Linux

Version: fe869cdb89c95d060c77eea20204d6c91f233b53
Version: fe869cdb89c95d060c77eea20204d6c91f233b53
Version: fe869cdb89c95d060c77eea20204d6c91f233b53
Version: fe869cdb89c95d060c77eea20204d6c91f233b53
Version: fe869cdb89c95d060c77eea20204d6c91f233b53
Version: fe869cdb89c95d060c77eea20204d6c91f233b53
Version: fe869cdb89c95d060c77eea20204d6c91f233b53
Version: fe869cdb89c95d060c77eea20204d6c91f233b53

Linux

Version: 2.6.38

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "crypto/algif_hash.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5bff312b59b3f2a54ff504e4f4e47272b64f3633",
              "status": "affected",
              "version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
              "versionType": "git"
            },
            {
              "lessThan": "bf7bba75b91539e93615f560893a599c1e1c98bf",
              "status": "affected",
              "version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
              "versionType": "git"
            },
            {
              "lessThan": "c3059d58f79fdfb2201249c2741514e34562b547",
              "status": "affected",
              "version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
              "versionType": "git"
            },
            {
              "lessThan": "f0f3d09f53534ea385d55ced408f2b67059b16e4",
              "status": "affected",
              "version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
              "versionType": "git"
            },
            {
              "lessThan": "134daaba93193df9e988524b5cd2f52d15eb1993",
              "status": "affected",
              "version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
              "versionType": "git"
            },
            {
              "lessThan": "2f45a8d64fb4ed4830a4b3273834ecd6ca504896",
              "status": "affected",
              "version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
              "versionType": "git"
            },
            {
              "lessThan": "0346f4b742345d1c733c977f3a7aef5a6419a967",
              "status": "affected",
              "version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
              "versionType": "git"
            },
            {
              "lessThan": "b2df03ed4052e97126267e8c13ad4204ea6ba9b6",
              "status": "affected",
              "version": "fe869cdb89c95d060c77eea20204d6c91f233b53",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "crypto/algif_hash.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.38"
            },
            {
              "lessThan": "2.6.38",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.294",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.238",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.185",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.141",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.294",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.238",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.185",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.141",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.93",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.31",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.9",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_hash - fix double free in hash_accept\n\nIf accept(2) is called on socket type algif_hash with\nMSG_MORE flag set and crypto_ahash_import fails,\nsk2 is freed. However, it is also freed in af_alg_release,\nleading to slab-use-after-free error."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-18T09:33:53.251Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5bff312b59b3f2a54ff504e4f4e47272b64f3633"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf7bba75b91539e93615f560893a599c1e1c98bf"
        },
        {
          "url": "https://git.kernel.org/stable/c/c3059d58f79fdfb2201249c2741514e34562b547"
        },
        {
          "url": "https://git.kernel.org/stable/c/f0f3d09f53534ea385d55ced408f2b67059b16e4"
        },
        {
          "url": "https://git.kernel.org/stable/c/134daaba93193df9e988524b5cd2f52d15eb1993"
        },
        {
          "url": "https://git.kernel.org/stable/c/2f45a8d64fb4ed4830a4b3273834ecd6ca504896"
        },
        {
          "url": "https://git.kernel.org/stable/c/0346f4b742345d1c733c977f3a7aef5a6419a967"
        },
        {
          "url": "https://git.kernel.org/stable/c/b2df03ed4052e97126267e8c13ad4204ea6ba9b6"
        }
      ],
      "title": "crypto: algif_hash - fix double free in hash_accept",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38079",
    "datePublished": "2025-06-18T09:33:53.251Z",
    "dateReserved": "2025-04-16T04:51:23.980Z",
    "dateUpdated": "2025-06-18T09:33:53.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-37890 (GCVE-0-2025-37890)

Vulnerability from cvelistv5

Published

2025-05-16 13:01

Modified

2025-06-04 12:57

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfsc is assuming that checking for cl->qdisc->q.qlen == 0 guarantees that it hasn't inserted the class in the vttree or eltree (which is not true for the netem duplicate case). This patch checks the n_active class variable to make sure that the code won't insert the class in the vttree or eltree twice, catering for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/

References

►

URL

Tags

	https://git.kernel.org/stable/c/273bbcfa53541cde38b2003ad88a59b770306421
	https://git.kernel.org/stable/c/e0cf8ee23e1915431f262a7b2dee0c7a7d699af0
	https://git.kernel.org/stable/c/e3e949a39a91d1f829a4890e7dfe9417ac72e4d0
	https://git.kernel.org/stable/c/8df7d37d626430035b413b97cee18396b3450bef
	https://git.kernel.org/stable/c/6082a87af4c52f58150d40dec1716011d871ac21
	https://git.kernel.org/stable/c/2e7093c7a8aba5d4f8809f271488e5babe75e202
	https://git.kernel.org/stable/c/ac39fd4a757584d78ed062d4f6fd913f83bd98b5
	https://git.kernel.org/stable/c/141d34391abbb315d68556b7c67ad97885407547

Impacted products

Vendor

Product

Version

►

Linux

Version: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea
Version: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea
Version: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea
Version: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea
Version: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea
Version: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea
Version: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea
Version: 37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea

Linux

Version: 5.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_hfsc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "273bbcfa53541cde38b2003ad88a59b770306421",
              "status": "affected",
              "version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
              "versionType": "git"
            },
            {
              "lessThan": "e0cf8ee23e1915431f262a7b2dee0c7a7d699af0",
              "status": "affected",
              "version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
              "versionType": "git"
            },
            {
              "lessThan": "e3e949a39a91d1f829a4890e7dfe9417ac72e4d0",
              "status": "affected",
              "version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
              "versionType": "git"
            },
            {
              "lessThan": "8df7d37d626430035b413b97cee18396b3450bef",
              "status": "affected",
              "version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
              "versionType": "git"
            },
            {
              "lessThan": "6082a87af4c52f58150d40dec1716011d871ac21",
              "status": "affected",
              "version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
              "versionType": "git"
            },
            {
              "lessThan": "2e7093c7a8aba5d4f8809f271488e5babe75e202",
              "status": "affected",
              "version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
              "versionType": "git"
            },
            {
              "lessThan": "ac39fd4a757584d78ed062d4f6fd913f83bd98b5",
              "status": "affected",
              "version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
              "versionType": "git"
            },
            {
              "lessThan": "141d34391abbb315d68556b7c67ad97885407547",
              "status": "affected",
              "version": "37d9cf1a3ce35de3df6f7d209bfb1f50cf188cea",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_hfsc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.294",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.238",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.182",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.138",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.294",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.238",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.182",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.138",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.90",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.28",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.6",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "5.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc\n\nAs described in Gerrard\u0027s report [1], we have a UAF case when an hfsc class\nhas a netem child qdisc. The crux of the issue is that hfsc is assuming\nthat checking for cl-\u003eqdisc-\u003eq.qlen == 0 guarantees that it hasn\u0027t inserted\nthe class in the vttree or eltree (which is not true for the netem\nduplicate case).\n\nThis patch checks the n_active class variable to make sure that the code\nwon\u0027t insert the class in the vttree or eltree twice, catering for the\nreentrant case.\n\n[1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-04T12:57:24.484Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/273bbcfa53541cde38b2003ad88a59b770306421"
        },
        {
          "url": "https://git.kernel.org/stable/c/e0cf8ee23e1915431f262a7b2dee0c7a7d699af0"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3e949a39a91d1f829a4890e7dfe9417ac72e4d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/8df7d37d626430035b413b97cee18396b3450bef"
        },
        {
          "url": "https://git.kernel.org/stable/c/6082a87af4c52f58150d40dec1716011d871ac21"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e7093c7a8aba5d4f8809f271488e5babe75e202"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac39fd4a757584d78ed062d4f6fd913f83bd98b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/141d34391abbb315d68556b7c67ad97885407547"
        }
      ],
      "title": "net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-37890",
    "datePublished": "2025-05-16T13:01:12.798Z",
    "dateReserved": "2025-04-16T04:51:23.963Z",
    "dateUpdated": "2025-06-04T12:57:24.484Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2025:12753

Vulnerability from csaf_redhat

CVE-2025-38052 (GCVE-0-2025-38052)

Vulnerability from cvelistv5

CVE-2025-21928 (GCVE-0-2025-21928)

Vulnerability from cvelistv5

CVE-2022-50020 (GCVE-0-2022-50020)

Vulnerability from cvelistv5

CVE-2025-22020 (GCVE-0-2025-22020)

Vulnerability from cvelistv5

CVE-2025-38079 (GCVE-0-2025-38079)

Vulnerability from cvelistv5

CVE-2025-37890 (GCVE-0-2025-37890)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature