Updated: 2025-05-05 17:14:54.83583
Description:
In the Linux kernel, the following vulnerability has been resolved: vrf: use RCU protection in l3mdev_l3_out() l3mdev_l3_out() can be called without RCU being held: raw_sendmsg() ip_push_pending_frames() ip_send_skb() ip_local_out() __ip_local_out() l3mdev_ip_out() Add rcu_read_lock() / rcu_read_unlock() pair to avoid a potential UAF.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0 | |
| CVSS Version 3.x | HIGH | 7.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.8 | HIGH | Released | CLSA-2025:1747725447 | 2025-05-21 01:44:34 | |
| AlmaLinux 9.6 ESU | kernel | 5.14.0 | 7.8 | HIGH | Needs Triage | 2025-07-03 10:44:38 | ||
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2025:1747688514 | 2025-05-21 01:44:32 | |
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2025:1747688831 | 2025-05-21 01:44:33 | |
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.8 | HIGH | Released | CLSA-2025:1747688581 | 2025-05-21 01:44:32 | |
| Oracle Linux 7 ELS | kernel-uek | 5.4.17 | 7.8 | HIGH | Released | CLSA-2025:1746479711 | 2025-05-08 04:11:26 | |
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 7.8 | HIGH | Released | CLSA-2025:1744624441 | 2025-04-15 04:03:01 | |
| Ubuntu 18.04 ELS | linux | 4.15.0 | 7.8 | HIGH | Released | CLSA-2025:1744213128 | 2025-04-10 05:59:49 | |
| Ubuntu 20.04 ELS | linux | 5.4.0 | 7.8 | HIGH | Released | 2025-06-24 00:42:00 |