csaf_redhat - rhsa-2025:21082

rhsa-2025:21082

Vulnerability from csaf_redhat

Published

2025-11-12 04:28

Modified

2025-11-12 16:38

Summary

Red Hat Security Advisory: kernel-rt security update

Notes

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: HID: core: fix shift-out-of-bounds in hid_report_raw_event (CVE-2022-48978) * kernel: nfsd: don't ignore the return code of svc_proc_register() (CVE-2025-22026) * kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling (CVE-2025-37797) * kernel: HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556) * kernel: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (CVE-2025-39751) * kernel: crypto: seqiv - Handle EBUSY correctly (CVE-2023-53373) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: HID: core: fix shift-out-of-bounds in hid_report_raw_event (CVE-2022-48978)\n\n* kernel: nfsd: don\u0027t ignore the return code of svc_proc_register() (CVE-2025-22026)\n\n* kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling (CVE-2025-37797)\n\n* kernel: HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556)\n\n* kernel: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (CVE-2025-39751)\n\n* kernel: crypto: seqiv - Handle EBUSY correctly (CVE-2023-53373)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:21082",
        "url": "https://access.redhat.com/errata/RHSA-2025:21082"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2320665",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320665"
      },
      {
        "category": "external",
        "summary": "2360224",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360224"
      },
      {
        "category": "external",
        "summary": "2363672",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363672"
      },
      {
        "category": "external",
        "summary": "2389456",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389456"
      },
      {
        "category": "external",
        "summary": "2394624",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394624"
      },
      {
        "category": "external",
        "summary": "2396379",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396379"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_21082.json"
      }
    ],
    "title": "Red Hat Security Advisory: kernel-rt security update",
    "tracking": {
      "current_release_date": "2025-11-12T16:38:55+00:00",
      "generator": {
        "date": "2025-11-12T16:38:55+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2025:21082",
      "initial_release_date": "2025-11-12T04:28:37+00:00",
      "revision_history": [
        {
          "date": "2025-11-12T04:28:37+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-11-12T04:28:37+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-12T16:38:55+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
                "product": {
                  "name": "Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
                  "product_id": "7Server-RT-ELS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras_rt_els:7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
                "product": {
                  "name": "kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
                  "product_id": "kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-1160.142.1.rt56.1294.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                "product": {
                  "name": "kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                  "product_id": "kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-1160.142.1.rt56.1294.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                "product": {
                  "name": "kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                  "product_id": "kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-1160.142.1.rt56.1294.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                "product": {
                  "name": "kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                  "product_id": "kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-1160.142.1.rt56.1294.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                "product": {
                  "name": "kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                  "product_id": "kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-1160.142.1.rt56.1294.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                "product": {
                  "name": "kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                  "product_id": "kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-1160.142.1.rt56.1294.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                "product": {
                  "name": "kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                  "product_id": "kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-1160.142.1.rt56.1294.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                "product": {
                  "name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                  "product_id": "kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-1160.142.1.rt56.1294.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                  "product_id": "kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-1160.142.1.rt56.1294.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                  "product_id": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-1160.142.1.rt56.1294.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                "product": {
                  "name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                  "product_id": "kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-1160.142.1.rt56.1294.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
                "product": {
                  "name": "kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
                  "product_id": "kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-1160.142.1.rt56.1294.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src"
        },
        "product_reference": "kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
        },
        "product_reference": "kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
        },
        "product_reference": "kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
        },
        "product_reference": "kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
        },
        "product_reference": "kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
        },
        "product_reference": "kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch"
        },
        "product_reference": "kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
        },
        "product_reference": "kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
        },
        "product_reference": "kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
        },
        "product_reference": "kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-ELS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-48978",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2024-10-21T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2320665"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: fix shift-out-of-bounds in hid_report_raw_event\n\nSyzbot reported shift-out-of-bounds in hid_report_raw_event.\n\nmicrosoft 0003:045E:07DA.0001: hid_field_extract() called with n (128) \u003e\n32! (swapper/0)\n======================================================================\nUBSAN: shift-out-of-bounds in drivers/hid/hid-core.c:1323:20\nshift exponent 127 is too large for 32-bit type \u0027int\u0027\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted\n6.1.0-rc4-syzkaller-00159-g4bbf3422df78 #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS\nGoogle 10/26/2022\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:151 [inline]\n __ubsan_handle_shift_out_of_bounds+0x3a6/0x420 lib/ubsan.c:322\n snto32 drivers/hid/hid-core.c:1323 [inline]\n hid_input_fetch_field drivers/hid/hid-core.c:1572 [inline]\n hid_process_report drivers/hid/hid-core.c:1665 [inline]\n hid_report_raw_event+0xd56/0x18b0 drivers/hid/hid-core.c:1998\n hid_input_report+0x408/0x4f0 drivers/hid/hid-core.c:2066\n hid_irq_in+0x459/0x690 drivers/hid/usbhid/hid-core.c:284\n __usb_hcd_giveback_urb+0x369/0x530 drivers/usb/core/hcd.c:1671\n dummy_timer+0x86b/0x3110 drivers/usb/gadget/udc/dummy_hcd.c:1988\n call_timer_fn+0xf5/0x210 kernel/time/timer.c:1474\n expire_timers kernel/time/timer.c:1519 [inline]\n __run_timers+0x76a/0x980 kernel/time/timer.c:1790\n run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1803\n __do_softirq+0x277/0x75b kernel/softirq.c:571\n __irq_exit_rcu+0xec/0x170 kernel/softirq.c:650\n irq_exit_rcu+0x5/0x20 kernel/softirq.c:662\n sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1107\n======================================================================\n\nIf the size of the integer (unsigned n) is bigger than 32 in snto32(),\nshift exponent will be too large for 32-bit type \u0027int\u0027, resulting in a\nshift-out-of-bounds bug.\nFix this by adding a check on the size of the integer (unsigned n) in\nsnto32(). To add support for n greater than 32 bits, set n to 32, if n\nis greater than 32.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: HID: core: fix shift-out-of-bounds in hid_report_raw_event",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
          "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
          "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-48978"
        },
        {
          "category": "external",
          "summary": "RHBZ#2320665",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320665"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-48978",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-48978"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-48978",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48978"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2024102146-CVE-2022-48978-8a19@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2024102146-CVE-2022-48978-8a19@gregkh/T"
        }
      ],
      "release_date": "2024-10-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-12T04:28:37+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:21082"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: HID: core: fix shift-out-of-bounds in hid_report_raw_event"
    },
    {
      "cve": "CVE-2023-53373",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2025-09-18T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2396379"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: seqiv - Handle EBUSY correctly\n\nAs it is seqiv only handles the special return value of EINPROGERSS,\nwhich means that in all other cases it will free data related to the\nrequest.\n\nHowever, as the caller of seqiv may specify MAY_BACKLOG, we also need\nto expect EBUSY and treat it in the same way.  Otherwise backlogged\nrequests will trigger a use-after-free.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: crypto: seqiv - Handle EBUSY correctly",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The flaw is in the seqiv IV generator and can lead to a use-after-free when backlogged crypto requests return -EBUSY. Triggering it is easier locally by flooding the kernel crypto API (e.g. via AF_ALG or many concurrent AEAD requests) because the attacker must create backlog conditions. Remote triggering is much harder and only realistic for specific configurations (for example an in-kernel IPsec/TLS path that uses seqiv for AEAD). In practice this means an unprivileged local user with access to the kernel crypto interface is the most likely threat vector, while a remote attacker would need the target to both use seqiv and be inducible into heavy crypto backlog.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
          "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
          "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-53373"
        },
        {
          "category": "external",
          "summary": "RHBZ#2396379",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396379"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-53373",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53373"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-53373",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53373"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2025091855-CVE-2023-53373-087e@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2025091855-CVE-2023-53373-087e@gregkh/T"
        }
      ],
      "release_date": "2025-09-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-12T04:28:37+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:21082"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: crypto: seqiv - Handle EBUSY correctly"
    },
    {
      "cve": "CVE-2025-22026",
      "cwe": {
        "id": "CWE-252",
        "name": "Unchecked Return Value"
      },
      "discovery_date": "2025-04-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2360224"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: don\u0027t ignore the return code of svc_proc_register()\n\nCurrently, nfsd_proc_stat_init() ignores the return value of\nsvc_proc_register(). If the procfile creation fails, then the kernel\nwill WARN when it tries to remove the entry later.\n\nFix nfsd_proc_stat_init() to return the same type of pointer as\nsvc_proc_register(), and fix up nfsd_net_init() to check that and fail\nthe nfsd_net construction if it occurs.\n\nsvc_proc_register() can fail if the dentry can\u0027t be allocated, or if an\nidentical dentry already exists. The second case is pretty unlikely in\nthe nfsd_net construction codepath, so if this happens, return -ENOMEM.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: nfsd: don\u0027t ignore the return code of svc_proc_register()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
          "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
          "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-22026"
        },
        {
          "category": "external",
          "summary": "RHBZ#2360224",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360224"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22026",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22026"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22026",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22026"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2025041654-CVE-2025-22026-f6be@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2025041654-CVE-2025-22026-f6be@gregkh/T"
        }
      ],
      "release_date": "2025-04-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-12T04:28:37+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:21082"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: nfsd: don\u0027t ignore the return code of svc_proc_register()"
    },
    {
      "cve": "CVE-2025-37797",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2025-05-02T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2363672"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n   codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n   the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n   are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn\u0027t emptied.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The bug could happen only when qdisc with child qdiscs like netem or codel being used.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
          "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
          "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-37797"
        },
        {
          "category": "external",
          "summary": "RHBZ#2363672",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363672"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-37797",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37797"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-37797",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37797"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2025050210-CVE-2025-37797-2aab@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2025050210-CVE-2025-37797-2aab@gregkh/T"
        }
      ],
      "release_date": "2025-05-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-12T04:28:37+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:21082"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, prevent module sch_hfsc from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
          "product_ids": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling"
    },
    {
      "cve": "CVE-2025-38556",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2025-08-19T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2389456"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: Harden s32ton() against conversion to 0 bits\n\nTesting by the syzbot fuzzer showed that the HID core gets a\nshift-out-of-bounds exception when it tries to convert a 32-bit\nquantity to a 0-bit quantity.  Ideally this should never occur, but\nthere are buggy devices and some might have a report field with size\nset to zero; we shouldn\u0027t reject the report or the device just because\nof that.\n\nInstead, harden the s32ton() routine so that it returns a reasonable\nresult instead of crashing when it is called with the number of bits\nset to 0 -- the same as what snto32() does.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: HID: core: Harden s32ton() against conversion to 0 bits",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "HID core could crash on malformed devices that define a 0-bit report field, causing a shift-out-of-bounds in s32ton(). Exploitation requires only connecting a malicious HID device (no privileges or user interaction), leading to kernel crash.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
          "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
          "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-38556"
        },
        {
          "category": "external",
          "summary": "RHBZ#2389456",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389456"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-38556",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38556"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38556",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38556"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2025081905-CVE-2025-38556-521e@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2025081905-CVE-2025-38556-521e@gregkh/T"
        }
      ],
      "release_date": "2025-08-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-12T04:28:37+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:21082"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: HID: core: Harden s32ton() against conversion to 0 bits"
    },
    {
      "cve": "CVE-2025-39751",
      "cwe": {
        "id": "CWE-120",
        "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
      },
      "discovery_date": "2025-09-11T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2394624"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "No description is available for this CVE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
          "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
          "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-39751"
        },
        {
          "category": "external",
          "summary": "RHBZ#2394624",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394624"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-39751",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-39751"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-39751",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39751"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2025091142-CVE-2025-39751-c340@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2025091142-CVE-2025-39751-c340@gregkh/T"
        }
      ],
      "release_date": "2025-09-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-12T04:28:37+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.142.1.rt56.1294.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.142.1.rt56.1294.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:21082"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control"
    }
  ]
}

CVE-2025-38556 (GCVE-0-2025-38556)

Vulnerability from cvelistv5

Published

2025-08-19 17:02

Modified

2025-09-29 05:53

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should never occur, but there are buggy devices and some might have a report field with size set to zero; we shouldn't reject the report or the device just because of that. Instead, harden the s32ton() routine so that it returns a reasonable result instead of crashing when it is called with the number of bits set to 0 -- the same as what snto32() does.

References

URL

Tags

	https://git.kernel.org/stable/c/d3b504146c111548ab60b6ef7aad00bfb1db05a2
	https://git.kernel.org/stable/c/8b4a94b1510f6a46ec48494b52ee8f67eb4fc836
	https://git.kernel.org/stable/c/865ad8469fa24de1559f247d9426ab01e5ce3a56
	https://git.kernel.org/stable/c/a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd

Impacted products

Vendor

Product

Version

Linux

Version: 2.6.20

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d3b504146c111548ab60b6ef7aad00bfb1db05a2",
              "status": "affected",
              "version": "dde5845a529ff753364a6d1aea61180946270bfa",
              "versionType": "git"
            },
            {
              "lessThan": "8b4a94b1510f6a46ec48494b52ee8f67eb4fc836",
              "status": "affected",
              "version": "dde5845a529ff753364a6d1aea61180946270bfa",
              "versionType": "git"
            },
            {
              "lessThan": "865ad8469fa24de1559f247d9426ab01e5ce3a56",
              "status": "affected",
              "version": "dde5845a529ff753364a6d1aea61180946270bfa",
              "versionType": "git"
            },
            {
              "lessThan": "a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd",
              "status": "affected",
              "version": "dde5845a529ff753364a6d1aea61180946270bfa",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.20"
            },
            {
              "lessThan": "2.6.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.46",
                  "versionStartIncluding": "2.6.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.10",
                  "versionStartIncluding": "2.6.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.1",
                  "versionStartIncluding": "2.6.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "2.6.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: Harden s32ton() against conversion to 0 bits\n\nTesting by the syzbot fuzzer showed that the HID core gets a\nshift-out-of-bounds exception when it tries to convert a 32-bit\nquantity to a 0-bit quantity.  Ideally this should never occur, but\nthere are buggy devices and some might have a report field with size\nset to zero; we shouldn\u0027t reject the report or the device just because\nof that.\n\nInstead, harden the s32ton() routine so that it returns a reasonable\nresult instead of crashing when it is called with the number of bits\nset to 0 -- the same as what snto32() does."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:53:43.421Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d3b504146c111548ab60b6ef7aad00bfb1db05a2"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b4a94b1510f6a46ec48494b52ee8f67eb4fc836"
        },
        {
          "url": "https://git.kernel.org/stable/c/865ad8469fa24de1559f247d9426ab01e5ce3a56"
        },
        {
          "url": "https://git.kernel.org/stable/c/a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd"
        }
      ],
      "title": "HID: core: Harden s32ton() against conversion to 0 bits",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38556",
    "datePublished": "2025-08-19T17:02:34.929Z",
    "dateReserved": "2025-04-16T04:51:24.025Z",
    "dateUpdated": "2025-09-29T05:53:43.421Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-39751 (GCVE-0-2025-39751)

Vulnerability from cvelistv5

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2025-10-06T09:54:34.568Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39751",
    "datePublished": "2025-09-11T16:52:22.651Z",
    "dateRejected": "2025-10-06T09:54:34.568Z",
    "dateReserved": "2025-04-16T07:20:57.125Z",
    "dateUpdated": "2025-10-06T09:54:34.568Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-37797 (GCVE-0-2025-37797)

Vulnerability from cvelistv5

Published

2025-05-02 14:16

Modified

2025-11-03 19:55

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfsc_change_class() when working with certain child qdiscs like netem or codel. The vulnerability works as follows: 1. hfsc_change_class() checks if a class has packets (q.qlen != 0) 2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g., codel, netem) might drop packets and empty the queue 3. The code continues assuming the queue is still non-empty, adding the class to vttree 4. This breaks HFSC scheduler assumptions that only non-empty classes are in vttree 5. Later, when the class is destroyed, this can lead to a Use-After-Free The fix adds a second queue length check after qdisc_peek_len() to verify the queue wasn't emptied.

References

URL

Tags

	https://git.kernel.org/stable/c/28b09a067831f7317c3841812276022d6c940677
	https://git.kernel.org/stable/c/39b9095dd3b55d9b2743df038c32138efa34a9de
	https://git.kernel.org/stable/c/fcc8ede663569c704fb00a702973bd6c00373283
	https://git.kernel.org/stable/c/20d584a33e480ae80d105f43e0e7b56784da41b9
	https://git.kernel.org/stable/c/3aa852e3605000d5c47035c3fc3a986d14ccfa9f
	https://git.kernel.org/stable/c/86cd4641c713455a4f1c8e54c370c598c2b1cee0
	https://git.kernel.org/stable/c/bb583c88d23b72d8d16453d24856c99bd93dadf5
	https://git.kernel.org/stable/c/3df275ef0a6ae181e8428a6589ef5d5231e58b5c

Impacted products

Vendor

Product

Version

Linux

Version: 21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14
Version: 21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14
Version: 21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14
Version: 21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14
Version: 21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14
Version: 21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14
Version: 21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14
Version: 21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14

Linux

Version: 4.14

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:55:28.428Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_hfsc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "28b09a067831f7317c3841812276022d6c940677",
              "status": "affected",
              "version": "21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14",
              "versionType": "git"
            },
            {
              "lessThan": "39b9095dd3b55d9b2743df038c32138efa34a9de",
              "status": "affected",
              "version": "21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14",
              "versionType": "git"
            },
            {
              "lessThan": "fcc8ede663569c704fb00a702973bd6c00373283",
              "status": "affected",
              "version": "21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14",
              "versionType": "git"
            },
            {
              "lessThan": "20d584a33e480ae80d105f43e0e7b56784da41b9",
              "status": "affected",
              "version": "21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14",
              "versionType": "git"
            },
            {
              "lessThan": "3aa852e3605000d5c47035c3fc3a986d14ccfa9f",
              "status": "affected",
              "version": "21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14",
              "versionType": "git"
            },
            {
              "lessThan": "86cd4641c713455a4f1c8e54c370c598c2b1cee0",
              "status": "affected",
              "version": "21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14",
              "versionType": "git"
            },
            {
              "lessThan": "bb583c88d23b72d8d16453d24856c99bd93dadf5",
              "status": "affected",
              "version": "21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14",
              "versionType": "git"
            },
            {
              "lessThan": "3df275ef0a6ae181e8428a6589ef5d5231e58b5c",
              "status": "affected",
              "version": "21f4d5cc25ec0e6e8eb8420dd2c399e6d2fc7d14",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_hfsc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.293",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.237",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.181",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.136",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.89",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.293",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.237",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.181",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.136",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.89",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.26",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.5",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a UAF vulnerability in class handling\n\nThis patch fixes a Use-After-Free vulnerability in the HFSC qdisc class\nhandling. The issue occurs due to a time-of-check/time-of-use condition\nin hfsc_change_class() when working with certain child qdiscs like netem\nor codel.\n\nThe vulnerability works as follows:\n1. hfsc_change_class() checks if a class has packets (q.qlen != 0)\n2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g.,\n   codel, netem) might drop packets and empty the queue\n3. The code continues assuming the queue is still non-empty, adding\n   the class to vttree\n4. This breaks HFSC scheduler assumptions that only non-empty classes\n   are in vttree\n5. Later, when the class is destroyed, this can lead to a Use-After-Free\n\nThe fix adds a second queue length check after qdisc_peek_len() to verify\nthe queue wasn\u0027t emptied."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-26T05:21:05.138Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/28b09a067831f7317c3841812276022d6c940677"
        },
        {
          "url": "https://git.kernel.org/stable/c/39b9095dd3b55d9b2743df038c32138efa34a9de"
        },
        {
          "url": "https://git.kernel.org/stable/c/fcc8ede663569c704fb00a702973bd6c00373283"
        },
        {
          "url": "https://git.kernel.org/stable/c/20d584a33e480ae80d105f43e0e7b56784da41b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/3aa852e3605000d5c47035c3fc3a986d14ccfa9f"
        },
        {
          "url": "https://git.kernel.org/stable/c/86cd4641c713455a4f1c8e54c370c598c2b1cee0"
        },
        {
          "url": "https://git.kernel.org/stable/c/bb583c88d23b72d8d16453d24856c99bd93dadf5"
        },
        {
          "url": "https://git.kernel.org/stable/c/3df275ef0a6ae181e8428a6589ef5d5231e58b5c"
        }
      ],
      "title": "net_sched: hfsc: Fix a UAF vulnerability in class handling",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-37797",
    "datePublished": "2025-05-02T14:16:01.905Z",
    "dateReserved": "2025-04-16T04:51:23.941Z",
    "dateUpdated": "2025-11-03T19:55:28.428Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-53373 (GCVE-0-2023-53373)

Vulnerability from cvelistv5

Published

2025-09-18 13:33

Modified

2025-09-18 13:33

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly As it is seqiv only handles the special return value of EINPROGERSS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify MAY_BACKLOG, we also need to expect EBUSY and treat it in the same way. Otherwise backlogged requests will trigger a use-after-free.

References

URL

Tags

	https://git.kernel.org/stable/c/cc4d0d4251748a8a68026938f4055d2ac47c5719
	https://git.kernel.org/stable/c/1effbddaff60eeef8017c6dea1ee0ed970164d14
	https://git.kernel.org/stable/c/63551e4b7cbcd9914258827699eb2cb6ed6e4a16
	https://git.kernel.org/stable/c/ae849d2f48019ff9c104e32bf588ccbfb200e971
	https://git.kernel.org/stable/c/36ec108b7bd7e280edb22de028467bd09d644620
	https://git.kernel.org/stable/c/4d497e8b200a175094e0ac252ed878add39b8771
	https://git.kernel.org/stable/c/9477db935eb690f697d9bcc4f608927841bc8b36
	https://git.kernel.org/stable/c/32e62025e5e52fbe4812ef044759de7010b15dbc

Impacted products

Vendor

Product

Version

Linux

Version: 0a270321dbf948963aeb0e8382fe17d2c2eb3771
Version: 0a270321dbf948963aeb0e8382fe17d2c2eb3771
Version: 0a270321dbf948963aeb0e8382fe17d2c2eb3771
Version: 0a270321dbf948963aeb0e8382fe17d2c2eb3771
Version: 0a270321dbf948963aeb0e8382fe17d2c2eb3771
Version: 0a270321dbf948963aeb0e8382fe17d2c2eb3771
Version: 0a270321dbf948963aeb0e8382fe17d2c2eb3771
Version: 0a270321dbf948963aeb0e8382fe17d2c2eb3771

Linux

Version: 2.6.25

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "crypto/seqiv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cc4d0d4251748a8a68026938f4055d2ac47c5719",
              "status": "affected",
              "version": "0a270321dbf948963aeb0e8382fe17d2c2eb3771",
              "versionType": "git"
            },
            {
              "lessThan": "1effbddaff60eeef8017c6dea1ee0ed970164d14",
              "status": "affected",
              "version": "0a270321dbf948963aeb0e8382fe17d2c2eb3771",
              "versionType": "git"
            },
            {
              "lessThan": "63551e4b7cbcd9914258827699eb2cb6ed6e4a16",
              "status": "affected",
              "version": "0a270321dbf948963aeb0e8382fe17d2c2eb3771",
              "versionType": "git"
            },
            {
              "lessThan": "ae849d2f48019ff9c104e32bf588ccbfb200e971",
              "status": "affected",
              "version": "0a270321dbf948963aeb0e8382fe17d2c2eb3771",
              "versionType": "git"
            },
            {
              "lessThan": "36ec108b7bd7e280edb22de028467bd09d644620",
              "status": "affected",
              "version": "0a270321dbf948963aeb0e8382fe17d2c2eb3771",
              "versionType": "git"
            },
            {
              "lessThan": "4d497e8b200a175094e0ac252ed878add39b8771",
              "status": "affected",
              "version": "0a270321dbf948963aeb0e8382fe17d2c2eb3771",
              "versionType": "git"
            },
            {
              "lessThan": "9477db935eb690f697d9bcc4f608927841bc8b36",
              "status": "affected",
              "version": "0a270321dbf948963aeb0e8382fe17d2c2eb3771",
              "versionType": "git"
            },
            {
              "lessThan": "32e62025e5e52fbe4812ef044759de7010b15dbc",
              "status": "affected",
              "version": "0a270321dbf948963aeb0e8382fe17d2c2eb3771",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "crypto/seqiv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.25"
            },
            {
              "lessThan": "2.6.25",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.308",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.173",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.99",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.308",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.276",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.235",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.173",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.99",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.16",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.3",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: seqiv - Handle EBUSY correctly\n\nAs it is seqiv only handles the special return value of EINPROGERSS,\nwhich means that in all other cases it will free data related to the\nrequest.\n\nHowever, as the caller of seqiv may specify MAY_BACKLOG, we also need\nto expect EBUSY and treat it in the same way.  Otherwise backlogged\nrequests will trigger a use-after-free."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-18T13:33:20.264Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cc4d0d4251748a8a68026938f4055d2ac47c5719"
        },
        {
          "url": "https://git.kernel.org/stable/c/1effbddaff60eeef8017c6dea1ee0ed970164d14"
        },
        {
          "url": "https://git.kernel.org/stable/c/63551e4b7cbcd9914258827699eb2cb6ed6e4a16"
        },
        {
          "url": "https://git.kernel.org/stable/c/ae849d2f48019ff9c104e32bf588ccbfb200e971"
        },
        {
          "url": "https://git.kernel.org/stable/c/36ec108b7bd7e280edb22de028467bd09d644620"
        },
        {
          "url": "https://git.kernel.org/stable/c/4d497e8b200a175094e0ac252ed878add39b8771"
        },
        {
          "url": "https://git.kernel.org/stable/c/9477db935eb690f697d9bcc4f608927841bc8b36"
        },
        {
          "url": "https://git.kernel.org/stable/c/32e62025e5e52fbe4812ef044759de7010b15dbc"
        }
      ],
      "title": "crypto: seqiv - Handle EBUSY correctly",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53373",
    "datePublished": "2025-09-18T13:33:20.264Z",
    "dateReserved": "2025-09-17T14:54:09.734Z",
    "dateUpdated": "2025-09-18T13:33:20.264Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-22026 (GCVE-0-2025-22026)

Vulnerability from cvelistv5

Published

2025-04-16 14:11

Modified

2025-05-26 05:16

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svc_proc_register() Currently, nfsd_proc_stat_init() ignores the return value of svc_proc_register(). If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later. Fix nfsd_proc_stat_init() to return the same type of pointer as svc_proc_register(), and fix up nfsd_net_init() to check that and fail the nfsd_net construction if it occurs. svc_proc_register() can fail if the dentry can't be allocated, or if an identical dentry already exists. The second case is pretty unlikely in the nfsd_net construction codepath, so if this happens, return -ENOMEM.

References

URL

Tags

	https://git.kernel.org/stable/c/6a59b70fe71ec66c0dd19e2c279c71846a3fb2f0
	https://git.kernel.org/stable/c/e31957a819e60cf0bc9a49408765e6095fd3d046
	https://git.kernel.org/stable/c/9d9456185fd5f1891c74354ee297f19538141ead
	https://git.kernel.org/stable/c/930b64ca0c511521f0abdd1d57ce52b2a6e3476b

Impacted products

Vendor

Product

Version

Linux

Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/nfsctl.c",
            "fs/nfsd/stats.c",
            "fs/nfsd/stats.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6a59b70fe71ec66c0dd19e2c279c71846a3fb2f0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e31957a819e60cf0bc9a49408765e6095fd3d046",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "9d9456185fd5f1891c74354ee297f19538141ead",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "930b64ca0c511521f0abdd1d57ce52b2a6e3476b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/nfsctl.c",
            "fs/nfsd/stats.c",
            "fs/nfsd/stats.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: don\u0027t ignore the return code of svc_proc_register()\n\nCurrently, nfsd_proc_stat_init() ignores the return value of\nsvc_proc_register(). If the procfile creation fails, then the kernel\nwill WARN when it tries to remove the entry later.\n\nFix nfsd_proc_stat_init() to return the same type of pointer as\nsvc_proc_register(), and fix up nfsd_net_init() to check that and fail\nthe nfsd_net construction if it occurs.\n\nsvc_proc_register() can fail if the dentry can\u0027t be allocated, or if an\nidentical dentry already exists. The second case is pretty unlikely in\nthe nfsd_net construction codepath, so if this happens, return -ENOMEM."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-26T05:16:53.347Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6a59b70fe71ec66c0dd19e2c279c71846a3fb2f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/e31957a819e60cf0bc9a49408765e6095fd3d046"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d9456185fd5f1891c74354ee297f19538141ead"
        },
        {
          "url": "https://git.kernel.org/stable/c/930b64ca0c511521f0abdd1d57ce52b2a6e3476b"
        }
      ],
      "title": "nfsd: don\u0027t ignore the return code of svc_proc_register()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-22026",
    "datePublished": "2025-04-16T14:11:47.243Z",
    "dateReserved": "2024-12-29T08:45:45.807Z",
    "dateUpdated": "2025-05-26T05:16:53.347Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-48978 (GCVE-0-2022-48978)

Vulnerability from cvelistv5

Published

2024-10-21 20:05

Modified

2025-05-04 08:27

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: HID: core: fix shift-out-of-bounds in hid_report_raw_event Syzbot reported shift-out-of-bounds in hid_report_raw_event. microsoft 0003:045E:07DA.0001: hid_field_extract() called with n (128) > 32! (swapper/0) ====================================================================== UBSAN: shift-out-of-bounds in drivers/hid/hid-core.c:1323:20 shift exponent 127 is too large for 32-bit type 'int' CPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.1.0-rc4-syzkaller-00159-g4bbf3422df78 #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:151 [inline] __ubsan_handle_shift_out_of_bounds+0x3a6/0x420 lib/ubsan.c:322 snto32 drivers/hid/hid-core.c:1323 [inline] hid_input_fetch_field drivers/hid/hid-core.c:1572 [inline] hid_process_report drivers/hid/hid-core.c:1665 [inline] hid_report_raw_event+0xd56/0x18b0 drivers/hid/hid-core.c:1998 hid_input_report+0x408/0x4f0 drivers/hid/hid-core.c:2066 hid_irq_in+0x459/0x690 drivers/hid/usbhid/hid-core.c:284 __usb_hcd_giveback_urb+0x369/0x530 drivers/usb/core/hcd.c:1671 dummy_timer+0x86b/0x3110 drivers/usb/gadget/udc/dummy_hcd.c:1988 call_timer_fn+0xf5/0x210 kernel/time/timer.c:1474 expire_timers kernel/time/timer.c:1519 [inline] __run_timers+0x76a/0x980 kernel/time/timer.c:1790 run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1803 __do_softirq+0x277/0x75b kernel/softirq.c:571 __irq_exit_rcu+0xec/0x170 kernel/softirq.c:650 irq_exit_rcu+0x5/0x20 kernel/softirq.c:662 sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1107 ====================================================================== If the size of the integer (unsigned n) is bigger than 32 in snto32(), shift exponent will be too large for 32-bit type 'int', resulting in a shift-out-of-bounds bug. Fix this by adding a check on the size of the integer (unsigned n) in snto32(). To add support for n greater than 32 bits, set n to 32, if n is greater than 32.

References

URL

Tags

	https://git.kernel.org/stable/c/151493fe5a6ed1a88decc929a7368a3f2a246914
	https://git.kernel.org/stable/c/809783f8b4b600c7fb3bccb10fefef822601ea3b
	https://git.kernel.org/stable/c/8e14f20e12224ee2429f75a5c9418a700e26a8d3
	https://git.kernel.org/stable/c/db1ed1b3fb4ec0d19080a102956255769bc45c79
	https://git.kernel.org/stable/c/bc03f809da78fc79e4aee132d4e5c6a2b3aeec73
	https://git.kernel.org/stable/c/f755d11c55b29049b77da5cd9ab2faae96eb33c3
	https://git.kernel.org/stable/c/2b3b4d7aadaa1b6b58d0f34823bf86cfe8a31b4d
	https://git.kernel.org/stable/c/ec61b41918587be530398b0d1c9a0d16619397e5

Impacted products

Vendor

Product

Version

Linux

Version: dde5845a529ff753364a6d1aea61180946270bfa
Version: dde5845a529ff753364a6d1aea61180946270bfa
Version: dde5845a529ff753364a6d1aea61180946270bfa
Version: dde5845a529ff753364a6d1aea61180946270bfa
Version: dde5845a529ff753364a6d1aea61180946270bfa
Version: dde5845a529ff753364a6d1aea61180946270bfa
Version: dde5845a529ff753364a6d1aea61180946270bfa
Version: dde5845a529ff753364a6d1aea61180946270bfa

Linux

Version: 2.6.20

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48978",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T13:18:13.670064Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T13:18:44.244Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "151493fe5a6ed1a88decc929a7368a3f2a246914",
              "status": "affected",
              "version": "dde5845a529ff753364a6d1aea61180946270bfa",
              "versionType": "git"
            },
            {
              "lessThan": "809783f8b4b600c7fb3bccb10fefef822601ea3b",
              "status": "affected",
              "version": "dde5845a529ff753364a6d1aea61180946270bfa",
              "versionType": "git"
            },
            {
              "lessThan": "8e14f20e12224ee2429f75a5c9418a700e26a8d3",
              "status": "affected",
              "version": "dde5845a529ff753364a6d1aea61180946270bfa",
              "versionType": "git"
            },
            {
              "lessThan": "db1ed1b3fb4ec0d19080a102956255769bc45c79",
              "status": "affected",
              "version": "dde5845a529ff753364a6d1aea61180946270bfa",
              "versionType": "git"
            },
            {
              "lessThan": "bc03f809da78fc79e4aee132d4e5c6a2b3aeec73",
              "status": "affected",
              "version": "dde5845a529ff753364a6d1aea61180946270bfa",
              "versionType": "git"
            },
            {
              "lessThan": "f755d11c55b29049b77da5cd9ab2faae96eb33c3",
              "status": "affected",
              "version": "dde5845a529ff753364a6d1aea61180946270bfa",
              "versionType": "git"
            },
            {
              "lessThan": "2b3b4d7aadaa1b6b58d0f34823bf86cfe8a31b4d",
              "status": "affected",
              "version": "dde5845a529ff753364a6d1aea61180946270bfa",
              "versionType": "git"
            },
            {
              "lessThan": "ec61b41918587be530398b0d1c9a0d16619397e5",
              "status": "affected",
              "version": "dde5845a529ff753364a6d1aea61180946270bfa",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/hid/hid-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.20"
            },
            {
              "lessThan": "2.6.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.336",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.302",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.*",
              "status": "unaffected",
              "version": "6.0.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.336",
                  "versionStartIncluding": "2.6.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.302",
                  "versionStartIncluding": "2.6.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.269",
                  "versionStartIncluding": "2.6.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.227",
                  "versionStartIncluding": "2.6.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.159",
                  "versionStartIncluding": "2.6.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.83",
                  "versionStartIncluding": "2.6.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.13",
                  "versionStartIncluding": "2.6.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1",
                  "versionStartIncluding": "2.6.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: fix shift-out-of-bounds in hid_report_raw_event\n\nSyzbot reported shift-out-of-bounds in hid_report_raw_event.\n\nmicrosoft 0003:045E:07DA.0001: hid_field_extract() called with n (128) \u003e\n32! (swapper/0)\n======================================================================\nUBSAN: shift-out-of-bounds in drivers/hid/hid-core.c:1323:20\nshift exponent 127 is too large for 32-bit type \u0027int\u0027\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted\n6.1.0-rc4-syzkaller-00159-g4bbf3422df78 #0\nHardware name: Google Compute Engine/Google Compute Engine, BIOS\nGoogle 10/26/2022\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x1e3/0x2cb lib/dump_stack.c:106\n ubsan_epilogue lib/ubsan.c:151 [inline]\n __ubsan_handle_shift_out_of_bounds+0x3a6/0x420 lib/ubsan.c:322\n snto32 drivers/hid/hid-core.c:1323 [inline]\n hid_input_fetch_field drivers/hid/hid-core.c:1572 [inline]\n hid_process_report drivers/hid/hid-core.c:1665 [inline]\n hid_report_raw_event+0xd56/0x18b0 drivers/hid/hid-core.c:1998\n hid_input_report+0x408/0x4f0 drivers/hid/hid-core.c:2066\n hid_irq_in+0x459/0x690 drivers/hid/usbhid/hid-core.c:284\n __usb_hcd_giveback_urb+0x369/0x530 drivers/usb/core/hcd.c:1671\n dummy_timer+0x86b/0x3110 drivers/usb/gadget/udc/dummy_hcd.c:1988\n call_timer_fn+0xf5/0x210 kernel/time/timer.c:1474\n expire_timers kernel/time/timer.c:1519 [inline]\n __run_timers+0x76a/0x980 kernel/time/timer.c:1790\n run_timer_softirq+0x63/0xf0 kernel/time/timer.c:1803\n __do_softirq+0x277/0x75b kernel/softirq.c:571\n __irq_exit_rcu+0xec/0x170 kernel/softirq.c:650\n irq_exit_rcu+0x5/0x20 kernel/softirq.c:662\n sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1107\n======================================================================\n\nIf the size of the integer (unsigned n) is bigger than 32 in snto32(),\nshift exponent will be too large for 32-bit type \u0027int\u0027, resulting in a\nshift-out-of-bounds bug.\nFix this by adding a check on the size of the integer (unsigned n) in\nsnto32(). To add support for n greater than 32 bits, set n to 32, if n\nis greater than 32."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:27:18.594Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/151493fe5a6ed1a88decc929a7368a3f2a246914"
        },
        {
          "url": "https://git.kernel.org/stable/c/809783f8b4b600c7fb3bccb10fefef822601ea3b"
        },
        {
          "url": "https://git.kernel.org/stable/c/8e14f20e12224ee2429f75a5c9418a700e26a8d3"
        },
        {
          "url": "https://git.kernel.org/stable/c/db1ed1b3fb4ec0d19080a102956255769bc45c79"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc03f809da78fc79e4aee132d4e5c6a2b3aeec73"
        },
        {
          "url": "https://git.kernel.org/stable/c/f755d11c55b29049b77da5cd9ab2faae96eb33c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/2b3b4d7aadaa1b6b58d0f34823bf86cfe8a31b4d"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec61b41918587be530398b0d1c9a0d16619397e5"
        }
      ],
      "title": "HID: core: fix shift-out-of-bounds in hid_report_raw_event",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48978",
    "datePublished": "2024-10-21T20:05:57.079Z",
    "dateReserved": "2024-08-22T01:27:53.632Z",
    "dateUpdated": "2025-05-04T08:27:18.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2025:21082

Vulnerability from csaf_redhat

CVE-2025-38556 (GCVE-0-2025-38556)

Vulnerability from cvelistv5

CVE-2025-39751 (GCVE-0-2025-39751)

Vulnerability from cvelistv5

CVE-2025-37797 (GCVE-0-2025-37797)

Vulnerability from cvelistv5

CVE-2023-53373 (GCVE-0-2023-53373)

Vulnerability from cvelistv5

CVE-2025-22026 (GCVE-0-2025-22026)

Vulnerability from cvelistv5

CVE-2022-48978 (GCVE-0-2022-48978)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature