Detections
Analytics

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2025-20471)

medium Nessus Plugin ID 242165

Language:

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20471 advisory.

 - Add Zen34 clients (Borislav Petkov (AMD)) [Orabug: 38023241] {CVE-2024-36350} {CVE-2024-36357}
 - x86/process: Move the buffer clearing before MONITOR (Kim Phillips) [Orabug: 38023241] {CVE-2024-36350} {CVE-2024-36357}
 - KVM: SVM: Advertize TSA CPUID bits to guests (Borislav Petkov (AMD)) [Orabug: 38023241] {CVE-2024-36350} {CVE-2024-36357}
 - x86/bugs: Add a Transient Scheduler Attacks mitigation (Borislav Petkov (AMD)) [Orabug: 38023241] {CVE-2024-36350} {CVE-2024-36357}
 - KVM: x86: add support for CPUID leaf 0x80000021 (Paolo Bonzini) [Orabug: 38023241] {CVE-2024-36350} {CVE-2024-36357}
 - x86/bugs: Rename MDS machinery to something more generic (Borislav Petkov (AMD)) [Orabug: 38023241] {CVE-2024-36350} {CVE-2024-36357}
 - x86/CPU/AMD: Add ZenX generations flags (Borislav Petkov (AMD)) [Orabug: 38023241] {CVE-2024-36350} {CVE-2024-36357}
 - x86/bugs: Free X86_BUG_AMD_APIC_C1E and X86_BUG_AMD_E400 bits (Boris Ostrovsky) [Orabug: 38023241] {CVE-2024-36350} {CVE-2024-36357}
 - udmabuf: fix a buf size overflow issue during udmabuf creation (Xiaogang Chen) [Orabug: 37929939] {CVE-2025-37803}
 - qibfs: fix _another_ leak (Al Viro) [Orabug: 37977084] {CVE-2025-37983}
 - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() (Chenyuan Yang) [Orabug: 37937504] {CVE-2025-37881}
 - crypto: null - Use spin lock instead of mutex (Herbert Xu) [Orabug: 37929974] {CVE-2025-37808}
 - usb: dwc3: gadget: check that event count does not exceed event buffer length (Frode Isaksen) [Orabug:
 37929982] {CVE-2025-37810}
 - usb: cdns3: Fix deadlock when using NCM gadget (Ralph Siemsen) [Orabug: 37929989] {CVE-2025-37812}
 - mcb: fix a double free bug in chameleon_parse_gdd() (Haoxiang Li) [Orabug: 37930001] {CVE-2025-37817}
 - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (Cong Wang) [Orabug: 37930029] {CVE-2025-37823}
 - net_sched: hfsc: Fix a UAF vulnerability in class handling (Cong Wang) [Orabug: 37908485] {CVE-2025-37797}
 - tipc: fix NULL pointer dereference in tipc_mon_reinit_self() (Tung Nguyen) [Orabug: 37930040] {CVE-2025-37824}
 - net: phy: leds: fix memory leak (Qingfang Deng) [Orabug: 37977113] {CVE-2025-37989}
 - cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() (Henry Martin) [Orabug: 37930052] {CVE-2025-37829}
 - drm/amd/pm: Prevent division by zero (Denis Arefev) [Orabug: 37901824,37901841,37901831] {CVE-2025-37766,CVE-2025-37768,CVE-2025-37770}
 - ext4: fix OOB read when checking dotdot dir (Jakub Acs) [Orabug: 37855335] {CVE-2025-37785}
 - virtio-net: Add validation for used length (Xie Yongji) [Orabug: 37079171] {CVE-2021-47352}
 - RDMA/srpt: Support specifying the srpt_service_guid parameter (Bart Van Assche) [Orabug: 36530711] {CVE-2024-26744}
 - misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error (Kunihiko Hayashi) [Orabug: 37901587] {CVE-2025-23140}
 - tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). (Kuniyuki Iwashima) [Orabug: 37264115] {CVE-2024-50154}
 - drm/nouveau: prime: fix ttm_bo_delayed_delete oops (Chris Bainbridge) [Orabug: 37901818] {CVE-2025-37765}
 - virtiofs: add filesystem context source name check (Xiangsheng Hou) [Orabug: 37901855] {CVE-2025-37773}
 - isofs: Prevent the use of too small fid (Edward Adam Davis) [Orabug: 37901890] {CVE-2025-37780}
 - i2c: cros-ec-tunnel: defer probe if parent EC is not present (Thadeu Lima de Souza Cascardo) [Orabug:
 37901898] {CVE-2025-37781}
 - net: openvswitch: fix nested key length validation in the set() action (Ilya Maximets) [Orabug:
 37901923] {CVE-2025-37789}
 - Bluetooth: btrtl: Prevent potential NULL dereference (Dan Carpenter) [Orabug: 37901934] {CVE-2025-37792}
 - wifi: wl1251: fix memory leak in wl1251_tx_work (Abdun Nihaal) [Orabug: 37977076] {CVE-2025-37982}
 - wifi: mac80211: Purge vif txq in ieee80211_do_stop() (Remi Pommarel) [Orabug: 37901940] {CVE-2025-37794}
 - wifi: at76c50x: fix use after free access in at76_disconnect (Abdun Nihaal) [Orabug: 37901953] {CVE-2025-37796}
 - HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition (Kaixin Wang) [Orabug: 37855341] {CVE-2025-37838}
 - ftrace: Add cond_resched() to ftrace_graph_set_hash() (Zhoumin) [Orabug: 37976893] {CVE-2025-37940}
 - sctp: detect and prevent references to a freed transport in sendmsg (Ricardo Canuelo Navarro) [Orabug:
 37901597] {CVE-2025-23142}
 - mtd: inftlcore: Add error check for inftl_read_oob() (Xu Wang) [Orabug: 37976720] {CVE-2025-37892}
 - jbd2: remove wrong sb->s_sequence check (Jan Kara) [Orabug: 37937283] {CVE-2025-37839}
 - i3c: Add NULL pointer check in i3c_master_queue_ibi() (Manjunatha Venkatesh) [Orabug: 37901622] {CVE-2025-23147}
 - ext4: fix off-by-one error in do_split (Artem Sadovnikov) [Orabug: 37901631] {CVE-2025-23150}
 - media: venus: hfi_parser: add check to avoid out of bound access (Vikash Garodia) [Orabug: 37901653] {CVE-2025-23157}
 - mtd: rawnand: brcmnand: fix PM resume warning (Kamal Dasu) [Orabug: 37937292] {CVE-2025-37840}
 - media: venus: hfi: add check to handle incorrect queue size (Vikash Garodia) [Orabug: 37901657] {CVE-2025-23158}
 - media: venus: hfi: add a check to handle OOB in sfr region (Vikash Garodia) [Orabug: 37901662] {CVE-2025-23159}
 - pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() (Josh Poimboeuf) [Orabug: 37937329] {CVE-2025-37850}
 - net: vlan: don't propagate flags on open (Stanislav Fomichev) [Orabug: 37901684] {CVE-2025-23163}
 - scsi: st: Fix array overflow in st_setup() (Kai Makisara) [Orabug: 37937379] {CVE-2025-37857}
 - ext4: ignore xattrs past end (Bhupesh) [Orabug: 37901692] {CVE-2025-37738}
 - jfs: add sanity check for agwidth in dbMount (Edward Adam Davis) [Orabug: 37901707] {CVE-2025-37740}
 - jfs: Prevent copying of nlink with value 0 from disk inode (Edward Adam Davis) [Orabug: 37901716] {CVE-2025-37741}
 - fs/jfs: Prevent integer overflow in AG size calculation (Rand Deeb) [Orabug: 37937387] {CVE-2025-37858}
 - page_pool: avoid infinite loop to schedule delayed worker (Jason Xing) [Orabug: 37937395] {CVE-2025-37859}
 - HID: pidff: Fix null pointer dereference in pidff_find_fields (Tomasz Pakula) [Orabug: 37937410] {CVE-2025-37862}
 - pm: cpupower: bench: Prevent NULL dereference on malloc failure (Zhongqiu Han) [Orabug: 37937297] {CVE-2025-37841}
 - net: ppp: Add bound checking for skb data on ppp_sync_txmung (Arnaud Lecomte) [Orabug: 37901766] {CVE-2025-37749}
 - tipc: fix memory leak in tipc_link_xmit (Tung Nguyen) [Orabug: 37901790] {CVE-2025-37757}
 - ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() (Henry Martin) [Orabug:
 37901796] {CVE-2025-37758}
 - selftest/x86/bugs: Add selftests for ITS (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
 - x86/its: Align RETs in BHB clear sequence to avoid thunking (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
 - x86/its: Add 'vmexit' option to skip mitigation on some CPUs (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
 - x86/its: Enable Indirect Target Selection mitigation (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
 - x86/its: Add support for ITS-safe return thunk (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
 - x86/its: Add support for ITS-safe indirect thunk (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
 - x86/its: Enumerate Indirect Target Selection (ITS) bug (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
 - Documentation: x86/bugs/its: Add ITS documentation (Pawan Gupta) [Orabug: 37863727] {CVE-2024-28956}
 - net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (Elena Salomatkina) [Orabug: 37206299,37670859] {CVE-2024-50000}
 - net/mlx5: Fix error path in multi-packet WQE transmit (Gerd Bayer) [Orabug: 37206302,37670859] {CVE-2024-50001}
 - net/mlx5: Discard command completions in internal error (Akiva Goldberger) [Orabug: 36753438,37670859] {CVE-2024-38555}
 - net/mlx5e: fix a potential double-free in fs_any_create_groups (Dinghao Liu) [Orabug: 36802351,37670859] {CVE-2023-52667}
 - tracing: Fix use-after-free in print_graph_function_flags during tracer switching (Tengda Wu) [Orabug:
 37844202] {CVE-2025-22035}
 - x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (Jann Horn) [Orabug: 37844275] {CVE-2025-22045}
 - arcnet: Add NULL check in com20020pci_probe() (Henry Martin) [Orabug: 37844303] {CVE-2025-22054}
 - net_sched: skbprio: Remove overly strict queue assertions (Cong Wang) [Orabug: 37855375] {CVE-2025-38637}
 - netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (Debin Zhu) [Orabug: 37844344] {CVE-2025-22063}
 - spufs: fix a leak in spufs_create_context() (Al Viro) [Orabug: 37844365] {CVE-2025-22071}
 - spufs: fix a leak on spufs_new_file() failure (Al Viro) [Orabug: 37844378] {CVE-2025-22073}
 - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() (Josh Poimboeuf) [Orabug: 37976879] {CVE-2025-37937}
 - ocfs2: validate l_tree_depth to avoid out-of-bounds access (Vasiliy Kovalev) [Orabug: 37844394] {CVE-2025-22079}
 - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (Patrisious Haddad) [Orabug: 37844422] {CVE-2025-22086}
 - PCI/ASPM: Fix link state exit during switch upstream function removal (Daniel Stodden) [Orabug:
 37844108] {CVE-2024-58093}
 - thermal: int340x: Add NULL check for adev (Chenyuan Yang) [Orabug: 37844584] {CVE-2025-23136}
 - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (Luo Qiu) [Orabug: 37844141] {CVE-2025-22020}
 - netfilter: socket: Lookup orig tuple for IPv6 SNAT (Maxim Mikityanskiy) [Orabug: 37844145] {CVE-2025-22021}
 - atm: Fix NULL pointer dereference (Minjoong Kim) [Orabug: 37838897] {CVE-2025-22018}
 - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() (Nikita Zhandarovich) [Orabug:
 37828196] {CVE-2025-21996}
 - net: atm: fix use after free in lec_send() (Dan Carpenter) [Orabug: 37828221] {CVE-2025-22004}
 - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). (Kuniyuki Iwashima) [Orabug: 37828229] {CVE-2025-22005}
 - Bluetooth: Fix error code in chan_alloc_skb_cb() (Dan Carpenter) [Orabug: 37828235] {CVE-2025-22007}
 - drm/amd/display: Assign normalized_pix_clk when color depth = 14 (Alex Hung) [Orabug: 37828049] {CVE-2025-21956}
 - x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (Florent Revest) [Orabug:
 37828167] {CVE-2025-21991}
 - HID: ignore non-functional sensor in HP 5MP Camera (Chia-Lin Kao) [Orabug: 37828174] {CVE-2025-21992}
 - scsi: qla1280: Fix kernel oops when debug level > 2 (Magnus Lindholm) [Orabug: 37828056] {CVE-2025-21957}
 - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (Chengen Du) [Orabug:
 37828181] {CVE-2025-21993}
 - net_sched: Prevent creation of classes with TC_H_ROOT (Cong Wang) [Orabug: 37828110] {CVE-2025-21971}
 - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() (Kohei Enju) [Orabug: 37828064] {CVE-2025-21959}
 - sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497283,37846673] {CVE-2025-21638}
 - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts) [Orabug:
 37497303,37846668] {CVE-2025-21640}
 - jfs: fix slab-out-of-bounds read in ea_get() (Qasim Ijaz) [Orabug: 37855411] {CVE-2025-39735}
 - slimbus: messaging: Free transaction ID in delayed interrupt scenario (Visweswara Tanuku) [Orabug:
 37827905] {CVE-2025-21914}
 - Squashfs: check the inode number is not the invalid value of zero (Phillip Lougher) [Orabug: 36597911] {CVE-2024-26982}
 - usb: atm: cxacru: fix a flaw in existing endpoint checks (Nikita Zhandarovich) [Orabug: 37828336] {CVE-2025-21916}
 - usb: renesas_usbhs: Flush the notify_hotplug_work (Claudiu Beznea) [Orabug: 37827913] {CVE-2025-21917}
 - vlan: enforce underlying device type (Oscar Maes) [Orabug: 37827929] {CVE-2025-21920}
 - ppp: Fix KMSAN uninit-value warning with bpf (Jiayuan Chen) [Orabug: 37827937] {CVE-2025-21922}
 - llc: do not use skb_get() before dev_queue_xmit() (Eric Dumazet) [Orabug: 37827950] {CVE-2025-21925}
 - caif_virtio: fix wrong pointer check in cfv_probe() (Vitaliy Shevtsov) [Orabug: 37827863] {CVE-2025-21904}
 - net: gso: fix ownership in __udp_gso_segment (Antoine Tenart) [Orabug: 37827956] {CVE-2025-21926}
 - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (Zhang Lixu) [Orabug: 37827964] {CVE-2025-21928}
 - wifi: iwlwifi: limit printed string from FW file (Johannes Berg) [Orabug: 37827870] {CVE-2025-21905}
 - rapidio: fix an API misues when rio_add_net() fails (Haoxiang Li) [Orabug: 37827984] {CVE-2025-21934}
 - rapidio: add check for rio_add_net() in rio_scan_alloc_net() (Haoxiang Li) [Orabug: 37827989] {CVE-2025-21935}
 - wifi: nl80211: reject cooked mode if it is set along with other flags (Vitaliy Shevtsov) [Orabug:
 37827880] {CVE-2025-21909}
 - wifi: cfg80211: regulatory: improve invalid hints checking (Nikita Zhandarovich) [Orabug: 37827887] {CVE-2025-21910}
 - HID: appleir: Fix potential NULL dereference at raw event handle (Daniil Dulov) [Orabug: 37828025] {CVE-2025-21948}
 - acct: perform last write from workqueue (Christian Brauner) [Orabug: 37702044] {CVE-2025-21846}
 - drop_monitor: fix incorrect initialization order (Gavrilov Ilia) [Orabug: 37702107] {CVE-2025-21862}
 - pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (Quang Le) [Orabug: 37611837] {CVE-2025-21702}
 - sched/core: Prevent rescheduling when interrupts are disabled (Thomas Gleixner) [Orabug: 37766213] {CVE-2024-58090}
 - usbnet: gl620a: fix endpoint checking in genelink_bind() (Nikita Zhandarovich) [Orabug: 37766256] {CVE-2025-21877}
 - ftrace: Avoid potential division by zero in function_stat_show() (Nikolay Kuratov) [Orabug: 37827849] {CVE-2025-21898}
 - batman-adv: Drop unmanaged ELP metric worker (Sven Eckelmann) [Orabug: 37650307] {CVE-2025-21823}
 - nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (Haoxiang Li) [Orabug: 37702054] {CVE-2025-21848}
 - tee: optee: Fix supplicant wait loop (Sumit Garg) [Orabug: 37766233] {CVE-2025-21871}
 - geneve: Fix use-after-free in geneve_find_dev(). (Kuniyuki Iwashima) [Orabug: 37702088] {CVE-2025-21858}
 - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC (Christophe Leroy) [Orabug: 37702123] {CVE-2025-21866}
 - USB: gadget: f_midi: f_midi_complete to call queue_work (Jill Donahue) [Orabug: 37702094] {CVE-2025-21859}
 - memcg: fix soft lockup in the OOM process (Chen Ridong) [Orabug: 37649599] {CVE-2024-57977}
 - driver core: bus: Fix double free in driver API bus_register() (Zijun Hu) [Orabug: 37206511] {CVE-2024-50055}
 - pps: Fix a use-after-free (Calvin Owens) [Orabug: 37649607] {CVE-2024-57979}
 - nilfs2: protect access to buffers with no active references (Ryusuke Konishi) [Orabug: 37650248] {CVE-2025-21811}
 - nilfs2: do not force clear folio if buffer is referenced (Ryusuke Konishi) [Orabug: 37649878] {CVE-2025-21722}
 - ndisc: extend RCU protection in ndisc_send_skb() (Eric Dumazet) [Orabug: 37650045] {CVE-2025-21760}
 - openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (Eric Dumazet) [Orabug: 37650052] {CVE-2025-21761}
 - arp: use RCU protection in arp_xmit() (Eric Dumazet) [Orabug: 37650059] {CVE-2025-21762}
 - neighbour: use RCU protection in __neigh_notify() (Eric Dumazet) [Orabug: 37650066] {CVE-2025-21763}
 - ndisc: use RCU protection in ndisc_alloc_skb() (Eric Dumazet) [Orabug: 37650072] {CVE-2025-21764}
 - ipv6: use RCU protection in ip6_default_advmss() (Eric Dumazet) [Orabug: 37650078] {CVE-2025-21765}
 - partitions: mac: fix handling of bogus partition table (Jann Horn) [Orabug: 37650105] {CVE-2025-21772}
 - usb: cdc-acm: Check control transfer buffer size before access (Jann Horn) [Orabug: 37634049] {CVE-2025-21704}
 - USB: hub: Ignore non-compliant devices with too many configs or interfaces (Alan Stern) [Orabug:
 37650120] {CVE-2025-21776}
 - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths (John Keeping) [Orabug: 37685650] {CVE-2025-21835}
 - batman-adv: fix panic during interface removal (Andy Strohman) [Orabug: 37650144] {CVE-2025-21781}
 - orangefs: fix a oob in orangefs_debug_write (Mike Marshall) [Orabug: 37650149] {CVE-2025-21782}
 - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (Radu Rendec) [Orabug: 37650160] {CVE-2025-21785}
 - team: better TEAM_OPTION_TYPE_STRING validation (Eric Dumazet) [Orabug: 37650167] {CVE-2025-21787}
 - vrf: use RCU protection in l3mdev_l3_out() (Eric Dumazet) [Orabug: 37650181] {CVE-2025-21791}
 - HID: multitouch: Add NULL check in mt_input_configured (Charles Han) [Orabug: 37649788] {CVE-2024-58020}
 - ptp: Ensure info->enable callback is always set (Thomas Weissschuh) [Orabug: 37650263] {CVE-2025-21814}
 - NFC: nci: Add bounds checking in nci_hci_create_pipe() (Dan Carpenter) [Orabug: 37649936] {CVE-2025-21735}
 - nilfs2: fix possible int overflows in nilfs_fiemap() (Nikita Zhandarovich) [Orabug: 37649942] {CVE-2025-21736}
 - ocfs2: handle a symlink read error correctly (Matthew Wilcox) [Orabug: 37649687] {CVE-2024-58001}
 - vfio/platform: check the bounds of read/write syscalls (Alex Williamson) [Orabug: 37592070] {CVE-2025-21687}
 - soc: qcom: socinfo: Avoid out of bounds read of serial number (Stephan Gerhold) [Orabug: 37649715] {CVE-2024-58007}
 - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() (Marcel Hamer) [Orabug: 37649971] {CVE-2025-21744}
 - KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (Sean Christopherson) [Orabug: 37678567] {CVE-2024-58083}
 - binfmt_flat: Fix integer overflow bug on 32 bit systems (Dan Carpenter) [Orabug: 37649721] {CVE-2024-58010}
 - net: rose: lock the socket in rose_bind() (Eric Dumazet) [Orabug: 37649987] {CVE-2025-21749}
 - usb: xhci: Fix NULL pointer dereference on certain command aborts (Michal Pecio) [Orabug: 37649622] {CVE-2024-57981}
 - net: usb: rtl8150: enable basic endpoint checking (Nikita Zhandarovich) [Orabug: 37649812] {CVE-2025-21708}
 - media: uvcvideo: Remove dangling pointers (Ricardo Ribalda) [Orabug: 37649696] {CVE-2024-58002}
 - nilfs2: handle errors that nilfs_prepare_chunk() may return (Ryusuke Konishi) [Orabug: 37649870] {CVE-2025-21721}
 - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (Dmitry Antipov) [Orabug:
 37649750] {CVE-2024-58014}
 - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX (Kuan-Wei Chiu) [Orabug: 37649768] {CVE-2024-58017}
 - btrfs: fix use-after-free when attempting to join an aborted transaction (Filipe Manana) [Orabug:
 37650014] {CVE-2025-21753}
 - usb: gadget: f_tcm: Don't free command immediately (Thinh Nguyen) [Orabug: 37678479] {CVE-2024-58055}
 - media: uvcvideo: Fix double free in error path (Laurent Pinchart) [Orabug: 37649615] {CVE-2024-57980}
 - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (Alan Stern) [Orabug: 37649644] {CVE-2024-57986}
 - net: davicom: fix UAF in dm9000_drv_remove (Chenyuan Yang) [Orabug: 37649846] {CVE-2025-21715}
 - net: rose: fix timer races against user threads (Eric Dumazet) [Orabug: 37649856] {CVE-2025-21718}
 - ipmr: do not call mr_mfc_uses_dev() for unres entries (Eric Dumazet) [Orabug: 37649862] {CVE-2025-21719}
 - ubifs: skip dumping tnc tree when zroot is null (Pangliyuan) [Orabug: 37678491] {CVE-2024-58058}
 - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (Oleksij Rempel) [Orabug: 37678517] {CVE-2024-58069}
 - rdma/cxgb4: Prevent potential integer overflow on 32bit (Dan Carpenter) [Orabug: 37649564] {CVE-2024-57973}
 - bpf: Send signals asynchronously if !preemptible (Puranjay Mohan) [Orabug: 37649909] {CVE-2025-21728}
 - net: sched: Disallow replacing of child qdisc from one parent to another (Jamal Hadi Salim) [Orabug:
 37592533] {CVE-2025-21700}
 - net: let net.core.dev_weight always be non-zero (Liu Jian) [Orabug: 37650232] {CVE-2025-21806}
 - team: prevent adding a device which is already a team device lower (Octavian Purdila) [Orabug: 37678523] {CVE-2024-58071}
 - wifi: rtlwifi: fix memory leaks and invalid access at probe error path (Thadeu Lima de Souza Cascardo) [Orabug: 37678504] {CVE-2024-58063}
 - wifi: rtlwifi: remove unused check_buddy_priv (Thadeu Lima de Souza Cascardo) [Orabug: 37678530] {CVE-2024-58072}
 - ipmi: ipmb: Add check devm_kasprintf() returned value (Charles Han) [Orabug: 37678457] {CVE-2024-58051}
 - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table (Ivan Stepchenko) [Orabug: 37678463] {CVE-2024-58052}
 - nbd: don't allow reconnect after disconnect (Yu Kuai) [Orabug: 37649918] {CVE-2025-21731}
 - net: mana: Fix TX CQE error handling (Haiyang Zhang) [Orabug: 36983924] {CVE-2023-52532}
 - net: core: reject skb_copy(_expand) for fraglist GSO skbs (Felix Fietkau) [Orabug: 36683418] {CVE-2024-36929}
 - udp: do not accept non-tunnel GSO skbs landing in a tunnel (Antoine Tenart) [Orabug: 36643088] {CVE-2024-35884}
 - udp: never accept GSO_FRAGLIST packets (Paolo Abeni) [Orabug: 36643088] {CVE-2024-35884}
 - udp: initialize is_flist with 0 in udp_gro_receive (Xin Long) [Orabug: 36643088] {CVE-2024-35884}
 - ima: Fix use-after-free on a dentry's dname.name (Stefan Berger) [Orabug: 36835558] {CVE-2024-39494}
 - sched: sch_cake: add bounds checks to host bulk flow fairness counts (Toke Hoiland-Jorgensen) [Orabug:
 37497384] {CVE-2025-21647}
 - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (Cong Wang) [Orabug: 37611855] {CVE-2025-21703}
 - gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). (Kuniyuki Iwashima) [Orabug: 37707676] {CVE-2025-21865}
 - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (Fedor Pchelkin) [Orabug: 37650394] {CVE-2024-58009}
 - NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (Yanjun Zhang) [Orabug: 37206487] {CVE-2024-50046}
 - drm/v3d: Assign job pointer to NULL before signaling the fence (Maira Canal) [Orabug: 37707590] {CVE-2025-21688}
 - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (Qasim Ijaz) [Orabug: 37592080] {CVE-2025-21689}
 - ext4: fix slab-use-after-free in ext4_split_extent_at() (Baokun Li) [Orabug: 37200960] {CVE-2024-49884}
 - vfio/platform: check the bounds of read/write syscalls (Alex Williamson) [Orabug: 37592070] {CVE-2025-21687}
 - net/xen-netback: prevent UAF in xenvif_flush_hash() (Jeongjun Park) [Orabug: 37206012] {CVE-2024-49936}
 - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (Andreas Gruenbacher) [Orabug: 37592129] {CVE-2025-21699}
 - net: fix data-races around sk->sk_forward_alloc (Wang Liang) [Orabug: 37388796] {CVE-2024-53124}
 - scsi: sg: Fix slab-use-after-free read in sg_release() (Surajsonawane2415) [Orabug: 37434118] {CVE-2024-56631}
 - ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (Eric Dumazet) [Orabug: 37200707] {CVE-2024-47707}
 - fs/proc: fix softlockup in __read_vmcore (part 2) (Rik van Riel) [Orabug: 37592153] {CVE-2025-21694}
 - mac802154: check local interfaces before deleting sdata list (Lizhi Xu) [Orabug: 37555776] {CVE-2024-57948}
 - drm/v3d: Ensure job pointer is set to NULL after job completion (Maira Canal) [Orabug: 37592115] {CVE-2025-21697}
 - gtp: Destroy device along with udp socket's netns dismantle. (Kuniyuki Iwashima) [Orabug: 37555832] {CVE-2025-21678}
 - sctp: sysctl: rto_min/max: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497290] {CVE-2025-21639}
 - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (Dennis Lam) [Orabug: 37485004,37707634] {CVE-2024-57892}
 - iio: adc: at91: call input_free_device() on allocated iio_dev (Joe Hattori) [Orabug: 37497149] {CVE-2024-57904}
 - iio: adc: ti-ads8688: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497160] {CVE-2024-57906}
 - iio: imu: kmx61: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497169] {CVE-2024-57908}
 - iio: light: vcnl4035: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497179] {CVE-2024-57910}
 - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (Javier Carrasco) [Orabug:
 37497183] {CVE-2024-57911}
 - iio: pressure: zpa2326: fix information leak in triggered buffer (Javier Carrasco) [Orabug: 37497189] {CVE-2024-57912}
 - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (Akash M) [Orabug: 37497196] {CVE-2024-57913}
 - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (Lianqin Hu) [Orabug: 37592120,37497205] {CVE-2024-57915,CVE-2025-21698}
 - drm/amd/display: Add check for granularity in dml ceil/floor helpers (Roman Li) [Orabug: 37497225] {CVE-2024-57922}
 - sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497283] {CVE-2025-21638}
 - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts) [Orabug: 37497303] {CVE-2025-21640}
 - dm thin: make get_first_thin use rcu-safe list first function (Krister Johansen) [Orabug: 37506783] {CVE-2025-21664}
 - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (Eric Dumazet) [Orabug: 37497346] {CVE-2025-21653}
 - dm array: fix releasing a faulty array block twice in dm_array_cursor_end (Ming-Hung Tsai) [Orabug:
 37497249] {CVE-2024-57929}
 - perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (Alexander Antonov) [Orabug: 36882938] {CVE-2023-52450}
 - io_uring: fix possible deadlock in io_register_iowq_max_workers() (Hagar Hemdan) [Orabug:
 36897354,37565787] {CVE-2024-41080,CVE-2024-53052}
 - io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (Jens Axboe) [Orabug: 37304721,37565787] {CVE-2024-41080,CVE-2024-53052}
 - io_uring: use kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
 - fs: create kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
 - io_uring: rename kiocb_end_write() local helper (Amir Goldstein) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
 - io_uring/sqpoll: close race on waiting for sqring entries (Jens Axboe) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
 - io_uring/sqpoll: do not put cpumask on stack (Felix Moessbauer) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
 - io_uring/sqpoll: retain test for whether the CPU is valid (Jens Axboe) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
 - io_uring/sqpoll: do not allow pinning outside of cpuset (Felix Moessbauer) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
 - io_uring/io-wq: limit retrying worker initialisation (Pavel Begunkov) [Orabug: 37565787] {CVE-2024-41080,CVE-2024-53052}
 - NFSD: Limit the number of concurrent async COPY operations (Chuck Lever) [Orabug: 37206187,37664124] {CVE-2024-49974}
 - ipv6: fix possible UAF in ip6_finish_output2() (Eric Dumazet) [Orabug: 37029070] {CVE-2024-44986}
 - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (Chen Ridong) [Orabug: 37452681] {CVE-2024-56767}
 - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (Nikita Zhandarovich) [Orabug:
 37452687] {CVE-2024-56769}
 - net: sched: fix ordering of qlen adjustment (Lion Ackermann) [Orabug: 37433383] {CVE-2024-53164}
 - mtd: rawnand: fix double free in atmel_pmecc_create_user() (Dan Carpenter) [Orabug: 37506347] {CVE-2024-56766}
 - xen/netfront: fix crash when removing device (Juergen Gross) [Orabug: 37427542] {CVE-2024-53240}
 - net: lapb: increase LAPB_HEADER_LEN (Eric Dumazet) [Orabug: 37434237] {CVE-2024-56659}
 - tipc: fix NULL deref in cleanup_bearer() (Eric Dumazet) [Orabug: 37506456] {CVE-2024-56661}
 - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer (Lianqin Hu) [Orabug: 37434264] {CVE-2024-56670}
 - ALSA: usb-audio: Fix out of bounds reads when finding clock sources (Takashi Iwai) [Orabug: 37427489] {CVE-2024-53150}
 - bpf: fix OOB devmap writes when deleting elements (Maciej Fijalkowski) [Orabug: 37434047] {CVE-2024-56615}
 - f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. (Qi Han) [Orabug: 37433861] {CVE-2024-56586}
 - leds: class: Protect brightness_show() with led_cdev->led_access mutex (Mukesh Ojha) [Orabug: 37433869] {CVE-2024-56587}
 - wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (Norbert van Bolhuis) [Orabug: 37433908] {CVE-2024-56593}
 - drm/amdgpu: set the right AMDGPU sg segment limitation (Prike Liang) [Orabug: 37433914] {CVE-2024-56594}
 - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (Nihar Chaithanya) [Orabug: 37433920] {CVE-2024-56595}
 - jfs: fix array-index-out-of-bounds in jfs_readdir (Ghanshyam Agrawal) [Orabug: 37433928] {CVE-2024-56596}
 - jfs: fix shift-out-of-bounds in dbSplit (Ghanshyam Agrawal) [Orabug: 37433934] {CVE-2024-56597}
 - jfs: array-index-out-of-bounds fix in dtReadFirst (Ghanshyam Agrawal) [Orabug: 37433941] {CVE-2024-56598}
 - net: inet6: do not leave a dangling sk pointer in inet6_create() (Ignat Korchagin) [Orabug: 37433955] {CVE-2024-56600}
 - net: inet: do not leave a dangling sk pointer in inet_create() (Ignat Korchagin) [Orabug: 37433962] {CVE-2024-56601}
 - net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (Ignat Korchagin) [Orabug:
 37433970] {CVE-2024-56602}
 - net: af_can: do not leave a dangling sk pointer in can_create() (Ignat Korchagin) [Orabug: 37433977] {CVE-2024-56603}
 - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (Ignat Korchagin) [Orabug: 37433990] {CVE-2024-56605}
 - af_packet: avoid erroring out after sock_init_data() in packet_create() (Ignat Korchagin) [Orabug:
 37433996] {CVE-2024-56606}
 - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (Ryusuke Konishi) [Orabug:
 37434065] {CVE-2024-56619}
 - HID: wacom: fix when get product name maybe null pointer (WangYuli) [Orabug: 37434108] {CVE-2024-56629}
 - ocfs2: free inode when ocfs2_get_init_inode() fails (Tetsuo Handa) [Orabug: 37434113] {CVE-2024-56630}
 - tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg (Zijian Zhang) [Orabug: 37434127] {CVE-2024-56633}
 - gpio: grgpio: Add NULL check in grgpio_probe (Charles Han) [Orabug: 37434131] {CVE-2024-56634}
 - xen: Fix the issue of resource not being properly released in xenbus_dev_probe() (Qiu-ji Chen) [Orabug:
 37433540] {CVE-2024-53198}
 - netfilter: ipset: Hold module reference while requesting a module (Phil Sutter) [Orabug: 37434143] {CVE-2024-56637}
 - tipc: Fix use-after-free of kernel socket in cleanup_bearer(). (Kuniyuki Iwashima) [Orabug: 37434161] {CVE-2024-56642}
 - dccp: Fix memory leak in dccp_feat_change_recv (Ivan Solodovnikov) [Orabug: 37434167] {CVE-2024-56643}
 - netfilter: x_tables: fix LED ID check in led_tg_check() (Dmitry Antipov) [Orabug: 37434200] {CVE-2024-56650}
 - nfsd: make sure exp active before svc_export_show (Yang Erkun) [Orabug: 37433745] {CVE-2024-56558}
 - i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (Frank Li) [Orabug: 37433756] {CVE-2024-56562}
 - ad7780: fix division by zero in ad7780_write_raw() (Zicheng Qu) [Orabug: 37433772] {CVE-2024-56567}
 - ftrace: Fix regression with module command in stack_trace_filter (guoweikang) [Orabug: 37433784] {CVE-2024-56569}
 - ovl: Filter invalid inodes with missing lookup function (Vasiliy Kovalev) [Orabug: 37433789] {CVE-2024-56570}
 - media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() (Gaosheng Cui) [Orabug: 37433798] {CVE-2024-56572}
 - media: ts2020: fix null-ptr-deref in ts2020_probe() (Li Zetao) [Orabug: 37433805] {CVE-2024-56574}
 - media: i2c: tc358743: Fix crash in the probe error path when using polling (Alexander Shiyan) [Orabug:
 37433817] {CVE-2024-56576}
 - btrfs: ref-verify: fix use-after-free after invalid ref action (Filipe Manana) [Orabug: 37433832] {CVE-2024-56581}
 - sh: intc: Fix use-after-free bug in register_intc_controller() (Dan Carpenter) [Orabug: 37433393] {CVE-2024-53165}
 - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (Liu Jian) [Orabug: 37434314] {CVE-2024-56688}
 - 9p/xen: fix release of IRQ (Alex Zenla) [Orabug: 37434374] {CVE-2024-56704}
 - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (Waqar Hameed) [Orabug: 37433414] {CVE-2024-53171}
 - ubi: fastmap: Fix duplicate slab cache names while attaching (Zhihao Cheng) [Orabug: 37433419] {CVE-2024-53172}
 - rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (Yongliang Gao) [Orabug: 37434456] {CVE-2024-56739}
 - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (Trond Myklebust) [Orabug: 37433426] {CVE-2024-53173}
 - um: Fix potential integer overflow during physmem setup (Tiwei Bie) [Orabug: 37427464] {CVE-2024-53145}
 - SUNRPC: make sure cache entry active before cache_show (Yang Erkun) [Orabug: 37433433] {CVE-2024-53174}
 - NFSD: Prevent a potential integer overflow (Chuck Lever) [Orabug: 37427470] {CVE-2024-53146}
 - media: wl128x: Fix atomicity violation in fmc_send_cmd() (Qiu-ji Chen) [Orabug: 37434358] {CVE-2024-56700}
 - um: vector: Do not use drvdata in release (Tiwei Bie) [Orabug: 37433467] {CVE-2024-53181}
 - um: net: Do not use drvdata in release (Tiwei Bie) [Orabug: 37433475] {CVE-2024-53183}
 - um: ubd: Do not use drvdata in release (Tiwei Bie) [Orabug: 37433484] {CVE-2024-53184}
 - netfilter: ipset: add missing range check in bitmap_ip_uadt (Jeongjun Park) [Orabug: 37388867] {CVE-2024-53141}
 - comedi: Flush partial mappings in error case (Jann Horn) [Orabug: 37427482] {CVE-2024-53148}
 - PCI: Fix use-after-free of slot->bus on hot remove (Lukas Wunner) [Orabug: 37433516] {CVE-2024-53194}
 - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (Benoit Sevens) [Orabug: 37433532] {CVE-2024-53197}
 - vfio/pci: Properly hide first-in-list PCIe extended capability (Avihai Horon) [Orabug: 37433578] {CVE-2024-53214}
 - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (Chuck Lever) [Orabug: 37433594] {CVE-2024-53217}
 - fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() (Zhen Lei) [Orabug: 37434478] {CVE-2024-56746}
 - ocfs2: fix uninitialized value in ocfs2_file_read_iter() (Dmitry Antipov) [Orabug: 37427503] {CVE-2024-53155}
 - scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (Zhen Lei) [Orabug: 37434484] {CVE-2024-56747}
 - scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() (Zhen Lei) [Orabug: 37434489] {CVE-2024-56748}
 - scsi: bfa: Fix use-after-free in bfad_im_module_exit() (Ye Bin) [Orabug: 37433630] {CVE-2024-53227}
 - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices (Andy Shevchenko) [Orabug: 37434429] {CVE-2024-56723}
 - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device (Andy Shevchenko) [Orabug: 37434434] {CVE-2024-56724}
 - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device (Andy Shevchenko) [Orabug: 37434330] {CVE-2024-56691}
 - ALSA: 6fire: Release resources at card release (Takashi Iwai) [Orabug: 37433660] {CVE-2024-53239}
 - ALSA: caiaq: Use snd_card_free_when_closed() at disconnection (Takashi Iwai) [Orabug: 37433666] {CVE-2024-56531}
 - ALSA: us122l: Use snd_card_free_when_closed() at disconnection (Takashi Iwai) [Orabug: 37433672] {CVE-2024-56532}
 - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (Alper Nebi Yasak) [Orabug: 37433695] {CVE-2024-56539}
 - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (Jeongjun Park) [Orabug:
 37427509] {CVE-2024-53156}
 - firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (Luo Qiu) [Orabug: 37427515] {CVE-2024-53157}
 - soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (Dan Carpenter) [Orabug: 37427524] {CVE-2024-53158}
 - crypto: bcm - add error check in the ahash_hmac_init function (Chen Ridong) [Orabug: 37434298] {CVE-2024-56681}
 - crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (Yi Yang) [Orabug:
 37434323] {CVE-2024-56690}
 - EDAC/bluefield: Fix potential integer overflow (David Thompson) [Orabug: 37427533] {CVE-2024-53161}
 - hfsplus: don't query the device logical block size multiple times (Thadeu Lima de Souza Cascardo) [Orabug: 37433720] {CVE-2024-56548}
 - nvme-pci: fix freeing of the HMB descriptor table (Christoph Hellwig) [Orabug: 37434510] {CVE-2024-56756}
 - initramfs: avoid filename buffer overrun (David Disseldorp) [Orabug: 37388874] {CVE-2024-53142}
 - cifs: Fix buffer overflow when parsing NFS reparse points (Pali Rohar) [Orabug: 37206284] {CVE-2024-49996}
 - nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (Ryusuke Konishi) [Orabug: 37388819] {CVE-2024-53130}
 - nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (Ryusuke Konishi) [Orabug: 37388825] {CVE-2024-53131}
 - KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (Sean Christopherson) [Orabug: 37388846] {CVE-2024-53135}
 - ocfs2: uncache inode which has failed entering the group (Dmitry Antipov) [Orabug: 37388753] {CVE-2024-53112}
 - netlink: terminate outstanding dump on socket close (Jakub Kicinski) [Orabug: 37388861] {CVE-2024-53140}
 - fs: Fix uninitialized value issue in from_kuid and from_kgid (Alessandro Zanni) [Orabug: 37331928] {CVE-2024-53101}
 - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Hyunwoo Kim) [Orabug:
 37298681] {CVE-2024-50264}
 - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (Hyunwoo Kim) [Orabug: 37344480] {CVE-2024-53103}
 - ftrace: Fix possible use-after-free issue in ftrace_location() (Zheng Yejian) [Orabug: 36753574] {CVE-2024-38588}
 - ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (Andrew Kanner) [Orabug:
 37298685] {CVE-2024-50265}
 - USB: serial: io_edgeport: fix use after free in debug printk (Dan Carpenter) [Orabug: 37298695] {CVE-2024-50267}
 - usb: musb: sunxi: Fix accessing an released usb phy (Zijun Hu) [Orabug: 37298703] {CVE-2024-50269}
 - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (Benoit Sevens) [Orabug: 37344485] {CVE-2024-53104}
 - net: bridge: xmit: make sure we have at least eth header len bytes (Nikolay Aleksandrov) [Orabug:
 36753372] {CVE-2024-38538}
 - btrfs: reinitialize delayed ref list after deleting it from the list (Filipe Manana) [Orabug: 37298715] {CVE-2024-50273}
 - nfs: Fix KMSAN warning in decode_getfattr_attrs() (Roberto Sassu) [Orabug: 37304779] {CVE-2024-53066}
 - dm cache: fix potential out-of-bounds access on the first resume (Ming-Hung Tsai) [Orabug: 37298732] {CVE-2024-50278}
 - dm cache: fix out-of-bounds access to the dirty bitset when resizing (Ming-Hung Tsai) [Orabug: 37298737] {CVE-2024-50279}
 - drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (Alex Deucher) [Orabug: 37298751] {CVE-2024-50282}
 - media: v4l2-tpg: prevent the risk of a division by zero (Mauro Carvalho Chehab) [Orabug: 37298782] {CVE-2024-50287}
 - media: cx24116: prevent overflows on SNR calculus (Mauro Carvalho Chehab) [Orabug: 37298797] {CVE-2024-50290}
 - media: s5p-jpeg: prevent buffer overflows (Mauro Carvalho Chehab) [Orabug: 37304763] {CVE-2024-53061}
 - media: dvbdev: prevent the risk of out of memory access (Mauro Carvalho Chehab) [Orabug: 37304769] {CVE-2024-53063}
 - net: hns3: fix kernel crash when uninstalling driver (Peiyang Wang) [Orabug: 37298811] {CVE-2024-50296}
 - sctp: properly validate chunk size in sctp_sf_ootb() (Xin Long) [Orabug: 37298820] {CVE-2024-50299}
 - security/keys: fix slab-out-of-bounds in key_task_permission (Chen Ridong) [Orabug: 37298827] {CVE-2024-50301}
 - HID: core: zero-initialize the report buffer (Jiri Kosina) [Orabug: 37298834] {CVE-2024-50302}
 - net/ipv6: release expired exception dst cached in socket (Jiri Wiesner) [Orabug: 37434173] {CVE-2024-56644}
 - objtool: Default ignore INT3 for unreachable (Peter Zijlstra) [Orabug: 37273706] {CVE-2022-29901}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2025-20471.html

Plugin Details

Severity: Medium

ID: 242165

File Name: oraclelinux_ELSA-2025-20471.nasl

Version: 1.2

Type: local

Agent: unix

Published: 7/16/2025

Updated: 7/16/2025

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-37803

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 5.7

Threat Score: 1.9

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2024-28956

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek-doc, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:kernel-uek-debug, cpe:/a:oracle:linux:7:9:uekr6_els, cpe:/o:oracle:linux:8, cpe:/o:oracle:linux:8:10:baseos_patch, p-cpe:/a:oracle:linux:kernel-uek-container, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-tools, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-container-debug

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 7/14/2025

Vulnerability Publication Date: 7/21/2021

Reference Information

CVE: CVE-2021-47352, CVE-2024-26744, CVE-2024-28956, CVE-2024-36350, CVE-2024-36357, CVE-2024-50154, CVE-2025-23140, CVE-2025-23142, CVE-2025-23147, CVE-2025-23150, CVE-2025-23157, CVE-2025-23158, CVE-2025-23159, CVE-2025-23163, CVE-2025-37738, CVE-2025-37740, CVE-2025-37741, CVE-2025-37749, CVE-2025-37757, CVE-2025-37758, CVE-2025-37765, CVE-2025-37766, CVE-2025-37768, CVE-2025-37770, CVE-2025-37773, CVE-2025-37780, CVE-2025-37781, CVE-2025-37785, CVE-2025-37789, CVE-2025-37792, CVE-2025-37794, CVE-2025-37796, CVE-2025-37797, CVE-2025-37803, CVE-2025-37808, CVE-2025-37810, CVE-2025-37812, CVE-2025-37817, CVE-2025-37823, CVE-2025-37824, CVE-2025-37829, CVE-2025-37838, CVE-2025-37839, CVE-2025-37840, CVE-2025-37841, CVE-2025-37850, CVE-2025-37857, CVE-2025-37858, CVE-2025-37859, CVE-2025-37862, CVE-2025-37881, CVE-2025-37892, CVE-2025-37940, CVE-2025-37982, CVE-2025-37983, CVE-2025-37989