Vulnerability-Lookup

RHSA-2026:0754

Vulnerability from csaf_redhat - Published: 2026-01-19 01:18 - Updated: 2026-01-19 15:57

Summary

Red Hat Security Advisory: kernel-rt security update

Notes

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (CVE-2025-37823) * kernel: scsi: ses: Fix possible desc_ptr out-of-bounds accesses (CVE-2023-53675) * kernel: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (CVE-2023-53705) * kernel: libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (CVE-2025-37823)\n\n* kernel: scsi: ses: Fix possible desc_ptr out-of-bounds accesses (CVE-2023-53675)\n\n* kernel: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (CVE-2023-53705)\n\n* kernel: libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:0754",
        "url": "https://access.redhat.com/errata/RHSA-2026:0754"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2365024",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365024"
      },
      {
        "category": "external",
        "summary": "2402293",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402293"
      },
      {
        "category": "external",
        "summary": "2405713",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405713"
      },
      {
        "category": "external",
        "summary": "2422801",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422801"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0754.json"
      }
    ],
    "title": "Red Hat Security Advisory: kernel-rt security update",
    "tracking": {
      "current_release_date": "2026-01-19T15:57:45+00:00",
      "generator": {
        "date": "2026-01-19T15:57:45+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.15"
        }
      },
      "id": "RHSA-2026:0754",
      "initial_release_date": "2026-01-19T01:18:28+00:00",
      "revision_history": [
        {
          "date": "2026-01-19T01:18:28+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-01-19T01:18:28+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-01-19T15:57:45+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
                "product": {
                  "name": "Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
                  "product_id": "7Server-RT-ELS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras_rt_els:7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.src",
                "product": {
                  "name": "kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.src",
                  "product_id": "kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-1160.145.1.rt56.1297.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                "product": {
                  "name": "kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                  "product_id": "kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@3.10.0-1160.145.1.rt56.1297.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                "product": {
                  "name": "kernel-rt-debug-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                  "product_id": "kernel-rt-debug-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-1160.145.1.rt56.1297.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                "product": {
                  "name": "kernel-rt-debug-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                  "product_id": "kernel-rt-debug-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-1160.145.1.rt56.1297.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                "product": {
                  "name": "kernel-rt-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                  "product_id": "kernel-rt-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-1160.145.1.rt56.1297.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                "product": {
                  "name": "kernel-rt-trace-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                  "product_id": "kernel-rt-trace-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-1160.145.1.rt56.1297.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                "product": {
                  "name": "kernel-rt-trace-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                  "product_id": "kernel-rt-trace-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-1160.145.1.rt56.1297.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                "product": {
                  "name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                  "product_id": "kernel-rt-debug-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-1160.145.1.rt56.1297.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                  "product_id": "kernel-rt-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-1160.145.1.rt56.1297.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                  "product_id": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-1160.145.1.rt56.1297.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                "product": {
                  "name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                  "product_id": "kernel-rt-trace-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-1160.145.1.rt56.1297.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-doc-0:3.10.0-1160.145.1.rt56.1297.el7.noarch",
                "product": {
                  "name": "kernel-rt-doc-0:3.10.0-1160.145.1.rt56.1297.el7.noarch",
                  "product_id": "kernel-rt-doc-0:3.10.0-1160.145.1.rt56.1297.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-1160.145.1.rt56.1297.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.src as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.src"
        },
        "product_reference": "kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.src",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
        },
        "product_reference": "kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
        },
        "product_reference": "kernel-rt-debug-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
        },
        "product_reference": "kernel-rt-debug-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
        },
        "product_reference": "kernel-rt-debug-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
        },
        "product_reference": "kernel-rt-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-doc-0:3.10.0-1160.145.1.rt56.1297.el7.noarch as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.145.1.rt56.1297.el7.noarch"
        },
        "product_reference": "kernel-rt-doc-0:3.10.0-1160.145.1.rt56.1297.el7.noarch",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
        },
        "product_reference": "kernel-rt-trace-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
        },
        "product_reference": "kernel-rt-trace-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-ELS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-trace-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
          "product_id": "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
        },
        "product_reference": "kernel-rt-trace-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
        "relates_to_product_reference": "7Server-RT-ELS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-53675",
      "discovery_date": "2025-10-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2402293"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ses: Fix possible desc_ptr out-of-bounds accesses\n\nSanitize possible desc_ptr out-of-bounds accesses in\nses_enclosure_data_process().",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: scsi: ses: Fix possible desc_ptr out-of-bounds accesses",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The ses_enclosure_data_process() routine did not sufficiently validate descriptor pointer positions before dereferencing them, which could allow the parser to read beyond the buffer when a device or crafted input reports malformed enclosure pages. The fix adds strict pointer and length checks to avoid out-of-bounds accesses.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.src",
          "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.145.1.rt56.1297.el7.noarch",
          "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-53675"
        },
        {
          "category": "external",
          "summary": "RHBZ#2402293",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402293"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-53675",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53675"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-53675",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53675"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2025100707-CVE-2023-53675-e7ac@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2025100707-CVE-2023-53675-e7ac@gregkh/T"
        }
      ],
      "release_date": "2025-10-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-19T01:18:28+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.145.1.rt56.1297.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0754"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, prevent module ses from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
          "product_ids": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.145.1.rt56.1297.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.145.1.rt56.1297.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: scsi: ses: Fix possible desc_ptr out-of-bounds accesses"
    },
    {
      "cve": "CVE-2023-53705",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2025-10-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2405713"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix out-of-bounds access in ipv6_find_tlv()\n\noptlen is fetched without checking whether there is more than one byte to parse.\nIt can lead to out-of-bounds access.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with SVACE.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: ipv6: Fix out-of-bounds access in ipv6_find_tlv()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The function ipv6_find_tlv() parsed IPv6 extension headers without checking that at least two bytes were available before reading the option length field.\nAn attacker could send a malformed IPv6 packet with a truncated extension header, causing an out-of-bounds read and potential kernel crash or memory fault while parsing.\nThe fix adds a length check (if (len \u003c 2) goto bad;) before accessing the second byte, preventing buffer overrun.\nThis issue is remotely triggerable via network traffic and can lead to kernel panic (DoS) or, in rare cases, information leakage through speculative execution paths.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.src",
          "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.145.1.rt56.1297.el7.noarch",
          "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-53705"
        },
        {
          "category": "external",
          "summary": "RHBZ#2405713",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405713"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-53705",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-53705"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-53705",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53705"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2025102212-CVE-2023-53705-38d9@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2025102212-CVE-2023-53705-38d9@gregkh/T"
        }
      ],
      "release_date": "2025-10-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-19T01:18:28+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.145.1.rt56.1297.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0754"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.145.1.rt56.1297.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.145.1.rt56.1297.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: ipv6: Fix out-of-bounds access in ipv6_find_tlv()"
    },
    {
      "cve": "CVE-2025-37823",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2025-05-08T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2365024"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too\n\nSimilarly to the previous patch, we need to safe guard hfsc_dequeue()\ntoo. But for this one, we don\u0027t have a reliable reproducer.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.src",
          "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.145.1.rt56.1297.el7.noarch",
          "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-37823"
        },
        {
          "category": "external",
          "summary": "RHBZ#2365024",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365024"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-37823",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37823"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-37823",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37823"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2025050821-CVE-2025-37823-d739@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2025050821-CVE-2025-37823-d739@gregkh/T"
        }
      ],
      "release_date": "2025-05-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-19T01:18:28+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.145.1.rt56.1297.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0754"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.145.1.rt56.1297.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too"
    },
    {
      "cve": "CVE-2025-68285",
      "cwe": {
        "id": "CWE-825",
        "name": "Expired Pointer Dereference"
      },
      "discovery_date": "2025-12-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2422801"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free vulnerability was found in the Ceph client session initialization in the Linux kernel. The have_mon_and_osd_map() function checks map epochs without holding the appropriate locks, racing with concurrent map updates that free the old map. This can result in dereferencing freed memory during CephFS or RBD mount operations.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This race condition occurs during Ceph client session establishment. Exploitation is timing-dependent and requires concurrent map updates during mount, making practical exploitation difficult but not impossible.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.src",
          "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.145.1.rt56.1297.el7.noarch",
          "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
          "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-68285"
        },
        {
          "category": "external",
          "summary": "RHBZ#2422801",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422801"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-68285",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68285"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68285",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68285"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2025121638-CVE-2025-68285-8339@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2025121638-CVE-2025-68285-8339@gregkh/T"
        }
      ],
      "release_date": "2025-12-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-19T01:18:28+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.145.1.rt56.1297.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0754"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.src",
            "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.145.1.rt56.1297.el7.noarch",
            "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64",
            "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.145.1.rt56.1297.el7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()"
    }
  ]
}

CVE-2023-53675 (GCVE-0-2023-53675)

Vulnerability from cvelistv5 – Published: 2025-10-07 15:21 – Updated: 2026-01-05 10:21

Title

scsi: ses: Fix possible desc_ptr out-of-bounds accesses

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible desc_ptr out-of-bounds accesses Sanitize possible desc_ptr out-of-bounds accesses in ses_enclosure_data_process().

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/72021ae61a2bc6ca7…
	https://git.kernel.org/stable/c/cffe09ca0555e235a…
	https://git.kernel.org/stable/c/79ec5dd5fb07ecaea…
	https://git.kernel.org/stable/c/c315560e3ef77c1d8…
	https://git.kernel.org/stable/c/584892fd29a41ef42…
	https://git.kernel.org/stable/c/414418abc19fa4ccf…
	https://git.kernel.org/stable/c/4b8cae410472653a5…
	https://git.kernel.org/stable/c/801ab13d50cf3d261…

Impacted products

Vendor

Product

Version

Linux

Affected: 9927c68864e9c39cc317b4f559309ba29e642168 , < 72021ae61a2bc6ca73cd593e255a10ed5f5dc5e7 (git)
Affected: 9927c68864e9c39cc317b4f559309ba29e642168 , < cffe09ca0555e235a42d6fa065e463c4b3d5b657 (git)
Affected: 9927c68864e9c39cc317b4f559309ba29e642168 , < 79ec5dd5fb07ecaea2f978c2d7a9f2f3526e4d19 (git)
Affected: 9927c68864e9c39cc317b4f559309ba29e642168 , < c315560e3ef77c1d822249f1743e647dc9c9912a (git)
Affected: 9927c68864e9c39cc317b4f559309ba29e642168 , < 584892fd29a41ef424a148118a3103b16b94fb8c (git)
Affected: 9927c68864e9c39cc317b4f559309ba29e642168 , < 414418abc19fa4ccf730d273061a426c07a061d6 (git)
Affected: 9927c68864e9c39cc317b4f559309ba29e642168 , < 4b8cae410472653a59e15af62c57c49b8e0a1201 (git)
Affected: 9927c68864e9c39cc317b4f559309ba29e642168 , < 801ab13d50cf3d26170ee073ea8bb4eececb76ab (git)

Linux

Affected: 2.6.25
Unaffected: 0 , < 2.6.25 (semver)
Unaffected: 4.14.308 , ≤ 4.14.* (semver)
Unaffected: 4.19.276 , ≤ 4.19.* (semver)
Unaffected: 5.4.235 , ≤ 5.4.* (semver)
Unaffected: 5.10.173 , ≤ 5.10.* (semver)
Unaffected: 5.15.99 , ≤ 5.15.* (semver)
Unaffected: 6.1.16 , ≤ 6.1.* (semver)
Unaffected: 6.2.3 , ≤ 6.2.* (semver)
Unaffected: 6.3 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/ses.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "72021ae61a2bc6ca73cd593e255a10ed5f5dc5e7",
              "status": "affected",
              "version": "9927c68864e9c39cc317b4f559309ba29e642168",
              "versionType": "git"
            },
            {
              "lessThan": "cffe09ca0555e235a42d6fa065e463c4b3d5b657",
              "status": "affected",
              "version": "9927c68864e9c39cc317b4f559309ba29e642168",
              "versionType": "git"
            },
            {
              "lessThan": "79ec5dd5fb07ecaea2f978c2d7a9f2f3526e4d19",
              "status": "affected",
              "version": "9927c68864e9c39cc317b4f559309ba29e642168",
              "versionType": "git"
            },
            {
              "lessThan": "c315560e3ef77c1d822249f1743e647dc9c9912a",
              "status": "affected",
              "version": "9927c68864e9c39cc317b4f559309ba29e642168",
              "versionType": "git"
            },
            {
              "lessThan": "584892fd29a41ef424a148118a3103b16b94fb8c",
              "status": "affected",
              "version": "9927c68864e9c39cc317b4f559309ba29e642168",
              "versionType": "git"
            },
            {
              "lessThan": "414418abc19fa4ccf730d273061a426c07a061d6",
              "status": "affected",
              "version": "9927c68864e9c39cc317b4f559309ba29e642168",
              "versionType": "git"
            },
            {
              "lessThan": "4b8cae410472653a59e15af62c57c49b8e0a1201",
              "status": "affected",
              "version": "9927c68864e9c39cc317b4f559309ba29e642168",
              "versionType": "git"
            },
            {
              "lessThan": "801ab13d50cf3d26170ee073ea8bb4eececb76ab",
              "status": "affected",
              "version": "9927c68864e9c39cc317b4f559309ba29e642168",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/ses.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.25"
            },
            {
              "lessThan": "2.6.25",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.308",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.173",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.99",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.*",
              "status": "unaffected",
              "version": "6.2.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.3",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.308",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.276",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.235",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.173",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.99",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.16",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2.3",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ses: Fix possible desc_ptr out-of-bounds accesses\n\nSanitize possible desc_ptr out-of-bounds accesses in\nses_enclosure_data_process()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:21:48.403Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/72021ae61a2bc6ca73cd593e255a10ed5f5dc5e7"
        },
        {
          "url": "https://git.kernel.org/stable/c/cffe09ca0555e235a42d6fa065e463c4b3d5b657"
        },
        {
          "url": "https://git.kernel.org/stable/c/79ec5dd5fb07ecaea2f978c2d7a9f2f3526e4d19"
        },
        {
          "url": "https://git.kernel.org/stable/c/c315560e3ef77c1d822249f1743e647dc9c9912a"
        },
        {
          "url": "https://git.kernel.org/stable/c/584892fd29a41ef424a148118a3103b16b94fb8c"
        },
        {
          "url": "https://git.kernel.org/stable/c/414418abc19fa4ccf730d273061a426c07a061d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/4b8cae410472653a59e15af62c57c49b8e0a1201"
        },
        {
          "url": "https://git.kernel.org/stable/c/801ab13d50cf3d26170ee073ea8bb4eececb76ab"
        }
      ],
      "title": "scsi: ses: Fix possible desc_ptr out-of-bounds accesses",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53675",
    "datePublished": "2025-10-07T15:21:31.018Z",
    "dateReserved": "2025-10-07T15:16:59.663Z",
    "dateUpdated": "2026-01-05T10:21:48.403Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-53705 (GCVE-0-2023-53705)

Vulnerability from cvelistv5 – Published: 2025-10-22 13:23 – Updated: 2025-10-22 13:23

Title

ipv6: Fix out-of-bounds access in ipv6_find_tlv()

Summary

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bounds access in ipv6_find_tlv() optlen is fetched without checking whether there is more than one byte to parse. It can lead to out-of-bounds access. Found by InfoTeCS on behalf of Linux Verification Center (linuxtesting.org) with SVACE.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/59e656d0d4a84ea0e…
	https://git.kernel.org/stable/c/04bf69e3de435d793…
	https://git.kernel.org/stable/c/011f47c8b8389154f…
	https://git.kernel.org/stable/c/e5f82688ae10f5f38…
	https://git.kernel.org/stable/c/9b92e2d0eb696d758…
	https://git.kernel.org/stable/c/91dd8aab9c9f19321…
	https://git.kernel.org/stable/c/ae68c0f7edbc9a294…
	https://git.kernel.org/stable/c/878ecb0897f4737a4…

Impacted products

Vendor

Product

Version

Linux

Affected: c61a404325093250b676f40ad8f4dd00f3bcab5f , < 59e656d0d4a84ea0ee9a39c6f69160a3effccc94 (git)
Affected: c61a404325093250b676f40ad8f4dd00f3bcab5f , < 04bf69e3de435d793a203aacc4b774f8f9f2baeb (git)
Affected: c61a404325093250b676f40ad8f4dd00f3bcab5f , < 011f47c8b8389154f996f5f69da8efc3a3beefef (git)
Affected: c61a404325093250b676f40ad8f4dd00f3bcab5f , < e5f82688ae10f5f386952e65e941bb8868ee54dc (git)
Affected: c61a404325093250b676f40ad8f4dd00f3bcab5f , < 9b92e2d0eb696d7586ba832c8854653b59887da0 (git)
Affected: c61a404325093250b676f40ad8f4dd00f3bcab5f , < 91dd8aab9c9f193210681b86b6b92840ffe74f0c (git)
Affected: c61a404325093250b676f40ad8f4dd00f3bcab5f , < ae68c0f7edbc9a294094ce03a0aaf45aa489ce40 (git)
Affected: c61a404325093250b676f40ad8f4dd00f3bcab5f , < 878ecb0897f4737a4c9401f3523fd49589025671 (git)

Linux

Affected: 2.6.19
Unaffected: 0 , < 2.6.19 (semver)
Unaffected: 4.14.316 , ≤ 4.14.* (semver)
Unaffected: 4.19.284 , ≤ 4.19.* (semver)
Unaffected: 5.4.244 , ≤ 5.4.* (semver)
Unaffected: 5.10.181 , ≤ 5.10.* (semver)
Unaffected: 5.15.114 , ≤ 5.15.* (semver)
Unaffected: 6.1.31 , ≤ 6.1.* (semver)
Unaffected: 6.3.5 , ≤ 6.3.* (semver)
Unaffected: 6.4 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/exthdrs_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "59e656d0d4a84ea0ee9a39c6f69160a3effccc94",
              "status": "affected",
              "version": "c61a404325093250b676f40ad8f4dd00f3bcab5f",
              "versionType": "git"
            },
            {
              "lessThan": "04bf69e3de435d793a203aacc4b774f8f9f2baeb",
              "status": "affected",
              "version": "c61a404325093250b676f40ad8f4dd00f3bcab5f",
              "versionType": "git"
            },
            {
              "lessThan": "011f47c8b8389154f996f5f69da8efc3a3beefef",
              "status": "affected",
              "version": "c61a404325093250b676f40ad8f4dd00f3bcab5f",
              "versionType": "git"
            },
            {
              "lessThan": "e5f82688ae10f5f386952e65e941bb8868ee54dc",
              "status": "affected",
              "version": "c61a404325093250b676f40ad8f4dd00f3bcab5f",
              "versionType": "git"
            },
            {
              "lessThan": "9b92e2d0eb696d7586ba832c8854653b59887da0",
              "status": "affected",
              "version": "c61a404325093250b676f40ad8f4dd00f3bcab5f",
              "versionType": "git"
            },
            {
              "lessThan": "91dd8aab9c9f193210681b86b6b92840ffe74f0c",
              "status": "affected",
              "version": "c61a404325093250b676f40ad8f4dd00f3bcab5f",
              "versionType": "git"
            },
            {
              "lessThan": "ae68c0f7edbc9a294094ce03a0aaf45aa489ce40",
              "status": "affected",
              "version": "c61a404325093250b676f40ad8f4dd00f3bcab5f",
              "versionType": "git"
            },
            {
              "lessThan": "878ecb0897f4737a4c9401f3523fd49589025671",
              "status": "affected",
              "version": "c61a404325093250b676f40ad8f4dd00f3bcab5f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/exthdrs_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.19"
            },
            {
              "lessThan": "2.6.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.284",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.244",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.181",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.114",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.3.*",
              "status": "unaffected",
              "version": "6.3.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.4",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.316",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.284",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.244",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.181",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.114",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.31",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.3.5",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.4",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix out-of-bounds access in ipv6_find_tlv()\n\noptlen is fetched without checking whether there is more than one byte to parse.\nIt can lead to out-of-bounds access.\n\nFound by InfoTeCS on behalf of Linux Verification Center\n(linuxtesting.org) with SVACE."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-22T13:23:42.641Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/59e656d0d4a84ea0ee9a39c6f69160a3effccc94"
        },
        {
          "url": "https://git.kernel.org/stable/c/04bf69e3de435d793a203aacc4b774f8f9f2baeb"
        },
        {
          "url": "https://git.kernel.org/stable/c/011f47c8b8389154f996f5f69da8efc3a3beefef"
        },
        {
          "url": "https://git.kernel.org/stable/c/e5f82688ae10f5f386952e65e941bb8868ee54dc"
        },
        {
          "url": "https://git.kernel.org/stable/c/9b92e2d0eb696d7586ba832c8854653b59887da0"
        },
        {
          "url": "https://git.kernel.org/stable/c/91dd8aab9c9f193210681b86b6b92840ffe74f0c"
        },
        {
          "url": "https://git.kernel.org/stable/c/ae68c0f7edbc9a294094ce03a0aaf45aa489ce40"
        },
        {
          "url": "https://git.kernel.org/stable/c/878ecb0897f4737a4c9401f3523fd49589025671"
        }
      ],
      "title": "ipv6: Fix out-of-bounds access in ipv6_find_tlv()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-53705",
    "datePublished": "2025-10-22T13:23:42.641Z",
    "dateReserved": "2025-10-22T13:21:37.346Z",
    "dateUpdated": "2025-10-22T13:23:42.641Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-37823 (GCVE-0-2025-37823)

Vulnerability from cvelistv5 – Published: 2025-05-08 06:26 – Updated: 2025-11-03 19:55

Title

net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too

Summary

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safe guard hfsc_dequeue() too. But for this one, we don't have a reliable reproducer.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/68f256305ceb426d5…
	https://git.kernel.org/stable/c/2f46d14919c39528c…
	https://git.kernel.org/stable/c/da7936518996d290e…
	https://git.kernel.org/stable/c/11bccb054c1462fb0…
	https://git.kernel.org/stable/c/76c4c22c2437d3d38…
	https://git.kernel.org/stable/c/c6f035044104c6ff6…
	https://git.kernel.org/stable/c/c6936266f8bf98a53…
	https://git.kernel.org/stable/c/6ccbda44e2cc3d26f…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 68f256305ceb426d545a0dc31f83c2ab1d211a1e (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 2f46d14919c39528c6e540ebc43f90055993eedc (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < da7936518996d290e2fcfcaf6cd7e15bfd87804a (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 11bccb054c1462fb069219f8e98e97a5a730758e (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 76c4c22c2437d3d3880efc0f62eca06ef078d290 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c6f035044104c6ff656f4565cd22938dc892528c (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c6936266f8bf98a53f28ef9a820e6a501e946d09 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6ccbda44e2cc3d26fd22af54c650d6d5d801addf (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 5.4.293 , ≤ 5.4.* (semver)
Unaffected: 5.10.237 , ≤ 5.10.* (semver)
Unaffected: 5.15.181 , ≤ 5.15.* (semver)
Unaffected: 6.1.136 , ≤ 6.1.* (semver)
Unaffected: 6.6.89 , ≤ 6.6.* (semver)
Unaffected: 6.12.26 , ≤ 6.12.* (semver)
Unaffected: 6.14.5 , ≤ 6.14.* (semver)
Unaffected: 6.15 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:55:56.301Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_hfsc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "68f256305ceb426d545a0dc31f83c2ab1d211a1e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "2f46d14919c39528c6e540ebc43f90055993eedc",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "da7936518996d290e2fcfcaf6cd7e15bfd87804a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "11bccb054c1462fb069219f8e98e97a5a730758e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "76c4c22c2437d3d3880efc0f62eca06ef078d290",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c6f035044104c6ff656f4565cd22938dc892528c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c6936266f8bf98a53f28ef9a820e6a501e946d09",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6ccbda44e2cc3d26fd22af54c650d6d5d801addf",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_hfsc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.293",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.237",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.181",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.136",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.89",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.293",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.237",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.181",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.136",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.89",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.26",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.5",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too\n\nSimilarly to the previous patch, we need to safe guard hfsc_dequeue()\ntoo. But for this one, we don\u0027t have a reliable reproducer."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-26T05:21:39.046Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/68f256305ceb426d545a0dc31f83c2ab1d211a1e"
        },
        {
          "url": "https://git.kernel.org/stable/c/2f46d14919c39528c6e540ebc43f90055993eedc"
        },
        {
          "url": "https://git.kernel.org/stable/c/da7936518996d290e2fcfcaf6cd7e15bfd87804a"
        },
        {
          "url": "https://git.kernel.org/stable/c/11bccb054c1462fb069219f8e98e97a5a730758e"
        },
        {
          "url": "https://git.kernel.org/stable/c/76c4c22c2437d3d3880efc0f62eca06ef078d290"
        },
        {
          "url": "https://git.kernel.org/stable/c/c6f035044104c6ff656f4565cd22938dc892528c"
        },
        {
          "url": "https://git.kernel.org/stable/c/c6936266f8bf98a53f28ef9a820e6a501e946d09"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ccbda44e2cc3d26fd22af54c650d6d5d801addf"
        }
      ],
      "title": "net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-37823",
    "datePublished": "2025-05-08T06:26:16.839Z",
    "dateReserved": "2025-04-16T04:51:23.947Z",
    "dateUpdated": "2025-11-03T19:55:56.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-68285 (GCVE-0-2025-68285)

Vulnerability from cvelistv5 – Published: 2025-12-16 15:06 – Updated: 2026-01-02 15:34

Title

libceph: fix potential use-after-free in have_mon_and_osd_map()

Summary

In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in have_mon_and_osd_map() The wait loop in __ceph_open_session() can race with the client receiving a new monmap or osdmap shortly after the initial map is received. Both ceph_monc_handle_map() and handle_one_map() install a new map immediately after freeing the old one kfree(monc->monmap); monc->monmap = monmap; ceph_osdmap_destroy(osdc->osdmap); osdc->osdmap = newmap; under client->monc.mutex and client->osdc.lock respectively, but because neither is taken in have_mon_and_osd_map() it's possible for client->monc.monmap->epoch and client->osdc.osdmap->epoch arms in client->monc.monmap && client->monc.monmap->epoch && client->osdc.osdmap && client->osdc.osdmap->epoch; condition to dereference an already freed map. This happens to be reproducible with generic/395 and generic/397 with KASAN enabled: BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70 Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305 CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266 ... Call Trace: <TASK> have_mon_and_osd_map+0x56/0x70 ceph_open_session+0x182/0x290 ceph_get_tree+0x333/0x680 vfs_get_tree+0x49/0x180 do_new_mount+0x1a3/0x2d0 path_mount+0x6dd/0x730 do_mount+0x99/0xe0 __do_sys_mount+0x141/0x180 do_syscall_64+0x9f/0x100 entry_SYSCALL_64_after_hwframe+0x76/0x7e </TASK> Allocated by task 13305: ceph_osdmap_alloc+0x16/0x130 ceph_osdc_init+0x27a/0x4c0 ceph_create_client+0x153/0x190 create_fs_client+0x50/0x2a0 ceph_get_tree+0xff/0x680 vfs_get_tree+0x49/0x180 do_new_mount+0x1a3/0x2d0 path_mount+0x6dd/0x730 do_mount+0x99/0xe0 __do_sys_mount+0x141/0x180 do_syscall_64+0x9f/0x100 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 9475: kfree+0x212/0x290 handle_one_map+0x23c/0x3b0 ceph_osdc_handle_map+0x3c9/0x590 mon_dispatch+0x655/0x6f0 ceph_con_process_message+0xc3/0xe0 ceph_con_v1_try_read+0x614/0x760 ceph_con_workfn+0x2de/0x650 process_one_work+0x486/0x7c0 process_scheduled_works+0x73/0x90 worker_thread+0x1c8/0x2a0 kthread+0x2ec/0x300 ret_from_fork+0x24/0x40 ret_from_fork_asm+0x1a/0x30 Rewrite the wait loop to check the above condition directly with client->monc.mutex and client->osdc.lock taken as appropriate. While at it, improve the timeout handling (previously mount_timeout could be exceeded in case wait_event_interruptible_timeout() slept more than once) and access client->auth_err under client->monc.mutex to match how it's set in finish_auth(). monmap_show() and osdmap_show() now take the respective lock before accessing the map as well.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/bb4910c5fd436701f…
	https://git.kernel.org/stable/c/05ec43e9a9de67132…
	https://git.kernel.org/stable/c/7c8ccdc1714d9fabe…
	https://git.kernel.org/stable/c/183ad6e3b651e8fb0…
	https://git.kernel.org/stable/c/e08021b3b56b2407f…
	https://git.kernel.org/stable/c/3fc43120b22a3d4f1…
	https://git.kernel.org/stable/c/076381c261374c587…

Impacted products

Vendor

Product

Version

Linux

Affected: 6822d00b5462e7a9dfa11dcc60cc25823a2107c5 , < bb4910c5fd436701faf367e1b5476a5a6d2aff1c (git)
Affected: 6822d00b5462e7a9dfa11dcc60cc25823a2107c5 , < 05ec43e9a9de67132dc8cd3b22afef001574947f (git)
Affected: 6822d00b5462e7a9dfa11dcc60cc25823a2107c5 , < 7c8ccdc1714d9fabecd26e1be7db1771061acc6e (git)
Affected: 6822d00b5462e7a9dfa11dcc60cc25823a2107c5 , < 183ad6e3b651e8fb0b66d6a2678f4b80bfbba092 (git)
Affected: 6822d00b5462e7a9dfa11dcc60cc25823a2107c5 , < e08021b3b56b2407f37b5fe47b654be80cc665fb (git)
Affected: 6822d00b5462e7a9dfa11dcc60cc25823a2107c5 , < 3fc43120b22a3d4f1fbeff56a35ce2105b6a5683 (git)
Affected: 6822d00b5462e7a9dfa11dcc60cc25823a2107c5 , < 076381c261374c587700b3accf410bdd2dba334e (git)

Linux

Affected: 2.6.35
Unaffected: 0 , < 2.6.35 (semver)
Unaffected: 5.10.247 , ≤ 5.10.* (semver)
Unaffected: 5.15.197 , ≤ 5.15.* (semver)
Unaffected: 6.1.159 , ≤ 6.1.* (semver)
Unaffected: 6.6.119 , ≤ 6.6.* (semver)
Unaffected: 6.12.61 , ≤ 6.12.* (semver)
Unaffected: 6.17.11 , ≤ 6.17.* (semver)
Unaffected: 6.18 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ceph/ceph_common.c",
            "net/ceph/debugfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bb4910c5fd436701faf367e1b5476a5a6d2aff1c",
              "status": "affected",
              "version": "6822d00b5462e7a9dfa11dcc60cc25823a2107c5",
              "versionType": "git"
            },
            {
              "lessThan": "05ec43e9a9de67132dc8cd3b22afef001574947f",
              "status": "affected",
              "version": "6822d00b5462e7a9dfa11dcc60cc25823a2107c5",
              "versionType": "git"
            },
            {
              "lessThan": "7c8ccdc1714d9fabecd26e1be7db1771061acc6e",
              "status": "affected",
              "version": "6822d00b5462e7a9dfa11dcc60cc25823a2107c5",
              "versionType": "git"
            },
            {
              "lessThan": "183ad6e3b651e8fb0b66d6a2678f4b80bfbba092",
              "status": "affected",
              "version": "6822d00b5462e7a9dfa11dcc60cc25823a2107c5",
              "versionType": "git"
            },
            {
              "lessThan": "e08021b3b56b2407f37b5fe47b654be80cc665fb",
              "status": "affected",
              "version": "6822d00b5462e7a9dfa11dcc60cc25823a2107c5",
              "versionType": "git"
            },
            {
              "lessThan": "3fc43120b22a3d4f1fbeff56a35ce2105b6a5683",
              "status": "affected",
              "version": "6822d00b5462e7a9dfa11dcc60cc25823a2107c5",
              "versionType": "git"
            },
            {
              "lessThan": "076381c261374c587700b3accf410bdd2dba334e",
              "status": "affected",
              "version": "6822d00b5462e7a9dfa11dcc60cc25823a2107c5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ceph/ceph_common.c",
            "net/ceph/debugfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.35"
            },
            {
              "lessThan": "2.6.35",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.247",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.197",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.61",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.247",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.197",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.159",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.119",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.61",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.11",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived.  Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n    kfree(monc-\u003emonmap);\n    monc-\u003emonmap = monmap;\n\n    ceph_osdmap_destroy(osdc-\u003eosdmap);\n    osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n    client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n        client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map.  This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n    BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n    Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n    CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n    ...\n    Call Trace:\n    \u003cTASK\u003e\n    have_mon_and_osd_map+0x56/0x70\n    ceph_open_session+0x182/0x290\n    ceph_get_tree+0x333/0x680\n    vfs_get_tree+0x49/0x180\n    do_new_mount+0x1a3/0x2d0\n    path_mount+0x6dd/0x730\n    do_mount+0x99/0xe0\n    __do_sys_mount+0x141/0x180\n    do_syscall_64+0x9f/0x100\n    entry_SYSCALL_64_after_hwframe+0x76/0x7e\n    \u003c/TASK\u003e\n\n    Allocated by task 13305:\n    ceph_osdmap_alloc+0x16/0x130\n    ceph_osdc_init+0x27a/0x4c0\n    ceph_create_client+0x153/0x190\n    create_fs_client+0x50/0x2a0\n    ceph_get_tree+0xff/0x680\n    vfs_get_tree+0x49/0x180\n    do_new_mount+0x1a3/0x2d0\n    path_mount+0x6dd/0x730\n    do_mount+0x99/0xe0\n    __do_sys_mount+0x141/0x180\n    do_syscall_64+0x9f/0x100\n    entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n    Freed by task 9475:\n    kfree+0x212/0x290\n    handle_one_map+0x23c/0x3b0\n    ceph_osdc_handle_map+0x3c9/0x590\n    mon_dispatch+0x655/0x6f0\n    ceph_con_process_message+0xc3/0xe0\n    ceph_con_v1_try_read+0x614/0x760\n    ceph_con_workfn+0x2de/0x650\n    process_one_work+0x486/0x7c0\n    process_scheduled_works+0x73/0x90\n    worker_thread+0x1c8/0x2a0\n    kthread+0x2ec/0x300\n    ret_from_fork+0x24/0x40\n    ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate.  While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-02T15:34:50.454Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bb4910c5fd436701faf367e1b5476a5a6d2aff1c"
        },
        {
          "url": "https://git.kernel.org/stable/c/05ec43e9a9de67132dc8cd3b22afef001574947f"
        },
        {
          "url": "https://git.kernel.org/stable/c/7c8ccdc1714d9fabecd26e1be7db1771061acc6e"
        },
        {
          "url": "https://git.kernel.org/stable/c/183ad6e3b651e8fb0b66d6a2678f4b80bfbba092"
        },
        {
          "url": "https://git.kernel.org/stable/c/e08021b3b56b2407f37b5fe47b654be80cc665fb"
        },
        {
          "url": "https://git.kernel.org/stable/c/3fc43120b22a3d4f1fbeff56a35ce2105b6a5683"
        },
        {
          "url": "https://git.kernel.org/stable/c/076381c261374c587700b3accf410bdd2dba334e"
        }
      ],
      "title": "libceph: fix potential use-after-free in have_mon_and_osd_map()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-68285",
    "datePublished": "2025-12-16T15:06:07.078Z",
    "dateReserved": "2025-12-16T14:48:05.292Z",
    "dateUpdated": "2026-01-02T15:34:50.454Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:0754

CVE-2023-53675 (GCVE-0-2023-53675)

CVE-2023-53705 (GCVE-0-2023-53705)

CVE-2025-37823 (GCVE-0-2025-37823)

CVE-2025-68285 (GCVE-0-2025-68285)

Tags

Sightings

Nomenclature