RHSA-2025:14136
Vulnerability from csaf_redhat - Published: 2025-08-20 08:10 - Updated: 2026-03-18 03:05Summary
Red Hat Security Advisory: kernel security update
Severity
Moderate
Notes
Topic: An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: media: uvcvideo: Fix double free in error path (CVE-2024-57980)
* kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CVE-2025-21928)
* kernel: can: peak_usb: fix use after free bugs (CVE-2021-47670)
* kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (CVE-2022-49788)
* kernel: ext4: avoid resizing to a partial cluster size (CVE-2022-50020)
* kernel: net: ch9200: fix uninitialised access during mii_nway_restart (CVE-2025-38086)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix use after free bugs After calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the peak_usb_netif_rx_ni(). Reordering the lines solves the issue.
7.0 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2025:14136
In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() `struct vmci_event_qp` allocated by qp_notify_peer() contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in instrument_copy_to_user ./include/linux/instrumented.h:121 instrument_copy_to_user ./include/linux/instrumented.h:121 _copy_to_user+0x5f/0xb0 lib/usercopy.c:33 copy_to_user ./include/linux/uaccess.h:169 vmci_host_do_receive_datagram drivers/misc/vmw_vmci/vmci_host.c:431 vmci_host_unlocked_ioctl+0x33d/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:925 vfs_ioctl fs/ioctl.c:51 ... Uninit was stored to memory at: kmemdup+0x74/0xb0 mm/util.c:131 dg_dispatch_as_host drivers/misc/vmw_vmci/vmci_datagram.c:271 vmci_datagram_dispatch+0x4f8/0xfc0 drivers/misc/vmw_vmci/vmci_datagram.c:339 qp_notify_peer+0x19a/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1479 qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662 qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750 vmci_qp_broker_alloc+0x96/0xd0 drivers/misc/vmw_vmci/vmci_queue_pair.c:1940 vmci_host_do_alloc_queuepair drivers/misc/vmw_vmci/vmci_host.c:488 vmci_host_unlocked_ioctl+0x24fd/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:927 ... Local variable ev created at: qp_notify_peer+0x54/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1456 qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662 qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750 Bytes 28-31 of 48 are uninitialized Memory access of size 48 starts at ffff888035155e00 Data copied to user address 0000000020000100 Use memset() to prevent the infoleaks. Also speculatively fix qp_notify_peer_local(), which may suffer from the same problem.
7.1 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2025:14136
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid resizing to a partial cluster size This patch avoids an attempt to resize the filesystem to an unaligned cluster boundary. An online resize to a size that is not integral to cluster size results in the last iteration attempting to grow the fs by a negative amount, which trips a BUG_ON and leaves the fs with a corrupted in-memory superblock.
7.0 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2025:14136
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix double free in error path If the uvc_status_init() function fails to allocate the int_urb, it will free the dev->status pointer but doesn't reset the pointer to NULL. This results in the kfree() call in uvc_status_cleanup() trying to double-free the memory. Fix it by resetting the dev->status pointer to NULL after freeing it. Reviewed by: Ricardo Ribalda <ribalda@chromium.org>
4.7 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2025:14136
Workaround
To mitigate this issue, prevent module uvcvideo from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() The system can experience a random crash a few minutes after the driver is removed. This issue occurs due to improper handling of memory freeing in the ishtp_hid_remove() function. The function currently frees the `driver_data` directly within the loop that destroys the HID devices, which can lead to accessing freed memory. Specifically, `hid_destroy_device()` uses `driver_data` when it calls `hid_ishtp_set_feature()` to power off the sensor, so freeing `driver_data` beforehand can result in accessing invalid memory. This patch resolves the issue by storing the `driver_data` in a temporary variable before calling `hid_destroy_device()`, and then freeing the `driver_data` after the device is destroyed.
6.7 (Medium)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2025:14136
In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during mii_nway_restart In mii_nway_restart() the code attempts to call mii->mdio_read which is ch9200_mdio_read(). ch9200_mdio_read() utilises a local buffer called "buff", which is initialised with control_read(). However "buff" is conditionally initialised inside control_read(): if (err == size) { memcpy(data, buf, size); } If the condition of "err == size" is not met, then "buff" remains uninitialised. Once this happens the uninitialised "buff" is accessed and returned during ch9200_mdio_read(): return (buff[0] | buff[1] << 8); The problem stems from the fact that ch9200_mdio_read() ignores the return value of control_read(), leading to uinit-access of "buff". To fix this we should check the return value of control_read() and return early on error.
7.0 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2025:14136
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: media: uvcvideo: Fix double free in error path (CVE-2024-57980)\n\n* kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CVE-2025-21928)\n\n* kernel: can: peak_usb: fix use after free bugs (CVE-2021-47670)\n\n* kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (CVE-2022-49788)\n\n* kernel: ext4: avoid resizing to a partial cluster size (CVE-2022-50020)\n\n* kernel: net: ch9200: fix uninitialised access during mii_nway_restart (CVE-2025-38086)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14136",
"url": "https://access.redhat.com/errata/RHSA-2025:14136"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2348599",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348599"
},
{
"category": "external",
"summary": "2356592",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356592"
},
{
"category": "external",
"summary": "2360786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360786"
},
{
"category": "external",
"summary": "2363378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363378"
},
{
"category": "external",
"summary": "2373630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373630"
},
{
"category": "external",
"summary": "2375305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2375305"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14136.json"
}
],
"title": "Red Hat Security Advisory: kernel security update",
"tracking": {
"current_release_date": "2026-03-18T03:05:03+00:00",
"generator": {
"date": "2026-03-18T03:05:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2025:14136",
"initial_release_date": "2025-08-20T08:10:29+00:00",
"revision_history": [
{
"date": "2025-08-20T08:10:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-20T08:10:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T03:05:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bpftool@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-core@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-core@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-devel@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-modules@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-modules-extra@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-devel@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-modules@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-modules-extra@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools-libs@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "perf-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "perf-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "perf-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perf@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-perf@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bpftool-debuginfo@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-debuginfo@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debuginfo@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debuginfo-common-x86_64@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools-debuginfo@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perf-debuginfo@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"product": {
"name": "python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"product_id": "python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-perf-debuginfo@4.18.0-193.164.1.el8_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-0:4.18.0-193.164.1.el8_2.src",
"product": {
"name": "kernel-0:4.18.0-193.164.1.el8_2.src",
"product_id": "kernel-0:4.18.0-193.164.1.el8_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel@4.18.0-193.164.1.el8_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"product": {
"name": "kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"product_id": "kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-abi-whitelists@4.18.0-193.164.1.el8_2?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"product": {
"name": "kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"product_id": "kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-doc@4.18.0-193.164.1.el8_2?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bpftool-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-0:4.18.0-193.164.1.el8_2.src as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.src"
},
"product_reference": "kernel-0:4.18.0-193.164.1.el8_2.src",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch"
},
"product_reference": "kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-core-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-doc-0:4.18.0-193.164.1.el8_2.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.164.1.el8_2.noarch"
},
"product_reference": "kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perf-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "perf-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-perf-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
},
"product_reference": "python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-47670",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-04-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2360786"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: peak_usb: fix use after free bugs\n\nAfter calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe.\nEspecially, the can_frame cf which aliases skb memory is accessed\nafter the peak_usb_netif_rx_ni().\n\nReordering the lines solves the issue.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: can: peak_usb: fix use after free bugs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "An unprivileged user with device access could potentially trigger a use-after-free vulnerability. However, this would require them to interact with the CAN device in a highly specific and difficult-to-automate manner to create the necessary conditions within the kernel driver.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-47670"
},
{
"category": "external",
"summary": "RHBZ#2360786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360786"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-47670",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47670"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-47670",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47670"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025041734-CVE-2021-47670-2b77@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025041734-CVE-2021-47670-2b77@gregkh/T"
}
],
"release_date": "2025-04-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-20T08:10:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14136"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: can: peak_usb: fix use after free bugs"
},
{
"cve": "CVE-2022-49788",
"cwe": {
"id": "CWE-401",
"name": "Missing Release of Memory after Effective Lifetime"
},
"discovery_date": "2025-05-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2363378"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()\n\n`struct vmci_event_qp` allocated by qp_notify_peer() contains padding,\nwhich may carry uninitialized data to the userspace, as observed by\nKMSAN:\n\n BUG: KMSAN: kernel-infoleak in instrument_copy_to_user ./include/linux/instrumented.h:121\n instrument_copy_to_user ./include/linux/instrumented.h:121\n _copy_to_user+0x5f/0xb0 lib/usercopy.c:33\n copy_to_user ./include/linux/uaccess.h:169\n vmci_host_do_receive_datagram drivers/misc/vmw_vmci/vmci_host.c:431\n vmci_host_unlocked_ioctl+0x33d/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:925\n vfs_ioctl fs/ioctl.c:51\n ...\n\n Uninit was stored to memory at:\n kmemdup+0x74/0xb0 mm/util.c:131\n dg_dispatch_as_host drivers/misc/vmw_vmci/vmci_datagram.c:271\n vmci_datagram_dispatch+0x4f8/0xfc0 drivers/misc/vmw_vmci/vmci_datagram.c:339\n qp_notify_peer+0x19a/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1479\n qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662\n qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750\n vmci_qp_broker_alloc+0x96/0xd0 drivers/misc/vmw_vmci/vmci_queue_pair.c:1940\n vmci_host_do_alloc_queuepair drivers/misc/vmw_vmci/vmci_host.c:488\n vmci_host_unlocked_ioctl+0x24fd/0x43d0 drivers/misc/vmw_vmci/vmci_host.c:927\n ...\n\n Local variable ev created at:\n qp_notify_peer+0x54/0x290 drivers/misc/vmw_vmci/vmci_queue_pair.c:1456\n qp_broker_attach drivers/misc/vmw_vmci/vmci_queue_pair.c:1662\n qp_broker_alloc+0x2977/0x2f30 drivers/misc/vmw_vmci/vmci_queue_pair.c:1750\n\n Bytes 28-31 of 48 are uninitialized\n Memory access of size 48 starts at ffff888035155e00\n Data copied to user address 0000000020000100\n\nUse memset() to prevent the infoleaks.\n\nAlso speculatively fix qp_notify_peer_local(), which may suffer from the\nsame problem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-49788"
},
{
"category": "external",
"summary": "RHBZ#2363378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363378"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-49788",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-49788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49788"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025050121-CVE-2022-49788-6e84@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025050121-CVE-2022-49788-6e84@gregkh/T"
}
],
"release_date": "2025-05-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-20T08:10:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14136"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()"
},
{
"cve": "CVE-2022-50020",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2025-06-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373630"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid resizing to a partial cluster size\n\nThis patch avoids an attempt to resize the filesystem to an\nunaligned cluster boundary. An online resize to a size that is not\nintegral to cluster size results in the last iteration attempting to\ngrow the fs by a negative amount, which trips a BUG_ON and leaves the fs\nwith a corrupted in-memory superblock.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: ext4: avoid resizing to a partial cluster size",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-50020"
},
{
"category": "external",
"summary": "RHBZ#2373630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-50020",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-50020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50020"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025061835-CVE-2022-50020-6f27@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025061835-CVE-2022-50020-6f27@gregkh/T"
}
],
"release_date": "2025-06-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-20T08:10:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14136"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: ext4: avoid resizing to a partial cluster size"
},
{
"cve": "CVE-2024-57980",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"discovery_date": "2025-02-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348599"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix double free in error path\n\nIf the uvc_status_init() function fails to allocate the int_urb, it will\nfree the dev-\u003estatus pointer but doesn\u0027t reset the pointer to NULL. This\nresults in the kfree() call in uvc_status_cleanup() trying to\ndouble-free the memory. Fix it by resetting the dev-\u003estatus pointer to\nNULL after freeing it.\n\nReviewed by: Ricardo Ribalda \u003cribalda@chromium.org\u003e",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: media: uvcvideo: Fix double free in error path",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The bug could happen on error path if memory allocation failed. For the Linux Kernel this condition is impossible until system already failed. This type of bugs are complex to trigger (making system out of memory) and considered to affect availability only. The security impact is limited.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-57980"
},
{
"category": "external",
"summary": "RHBZ#2348599",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348599"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-57980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57980"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-57980",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57980"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025022634-CVE-2024-57980-4b5a@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025022634-CVE-2024-57980-4b5a@gregkh/T"
}
],
"release_date": "2025-02-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-20T08:10:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14136"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent module uvcvideo from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: media: uvcvideo: Fix double free in error path"
},
{
"cve": "CVE-2025-21928",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-04-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2356592"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()\n\nThe system can experience a random crash a few minutes after the driver is\nremoved. This issue occurs due to improper handling of memory freeing in\nthe ishtp_hid_remove() function.\n\nThe function currently frees the `driver_data` directly within the loop\nthat destroys the HID devices, which can lead to accessing freed memory.\nSpecifically, `hid_destroy_device()` uses `driver_data` when it calls\n`hid_ishtp_set_feature()` to power off the sensor, so freeing\n`driver_data` beforehand can result in accessing invalid memory.\n\nThis patch resolves the issue by storing the `driver_data` in a temporary\nvariable before calling `hid_destroy_device()`, and then freeing the\n`driver_data` after the device is destroyed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Triggering this vulnerability requires loading and unloading kernel modules, specifically triggering the removal of the `intel-ish-hid` driver. The loading and unloading of kernel drivers requires elevated privileges (e.g. `CAP_SYS_MODULE`) and cannot be done by a regular, unprivileged user.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-21928"
},
{
"category": "external",
"summary": "RHBZ#2356592",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2356592"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-21928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-21928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21928"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025040133-CVE-2025-21928-e444@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025040133-CVE-2025-21928-e444@gregkh/T"
}
],
"release_date": "2025-04-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-20T08:10:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14136"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()"
},
{
"cve": "CVE-2025-38086",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"discovery_date": "2025-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2375305"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ch9200: fix uninitialised access during mii_nway_restart\n\nIn mii_nway_restart() the code attempts to call\nmii-\u003emdio_read which is ch9200_mdio_read(). ch9200_mdio_read()\nutilises a local buffer called \"buff\", which is initialised\nwith control_read(). However \"buff\" is conditionally\ninitialised inside control_read():\n\n if (err == size) {\n memcpy(data, buf, size);\n }\n\nIf the condition of \"err == size\" is not met, then\n\"buff\" remains uninitialised. Once this happens the\nuninitialised \"buff\" is accessed and returned during\nch9200_mdio_read():\n\n return (buff[0] | buff[1] \u003c\u003c 8);\n\nThe problem stems from the fact that ch9200_mdio_read()\nignores the return value of control_read(), leading to\nuinit-access of \"buff\".\n\nTo fix this we should check the return value of\ncontrol_read() and return early on error.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: net: ch9200: fix uninitialised access during mii_nway_restart",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38086"
},
{
"category": "external",
"summary": "RHBZ#2375305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2375305"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38086",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38086"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025062801-CVE-2025-38086-783b@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025062801-CVE-2025-38086-783b@gregkh/T"
}
],
"release_date": "2025-06-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-20T08:10:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14136"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.164.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.164.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.164.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: net: ch9200: fix uninitialised access during mii_nway_restart"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…