Oracle Linux 9 : kernel (ELSA-2025-14420)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-14420 advisory. - ice: fix eswitch code memory leak in reset scenario CKI Backport Bot RHEL-108152 CVE-2025-38417 - udp: Fix memory accounting leak. Xin Long...

Linux Distros Unpatched Vulnerability : CVE-2025-21971

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netsched: Prevent creation of classes with TCHROOT The function qdisctreereducebacklog uses TCHROOT as a termination condition when traversing up the qdisc tree...

CVE-2025-37914

CVE-2025-37914 is a Linux kernel network scheduler vulnerability in net_sched: ets where a netem child qdisc can trigger reentrant enqueue, causing the same classifier to be added twice to the active_list and potentially memory corruption. The patch adds an active check (cl_is_active) and guards ...

CVE-2025-37913 net_sched: qfq: Fix double list add in class with netem as child qdisc

In the Linux kernel, the following vulnerability has been resolved: netsched: qfq: Fix double list add in class with netem as child qdisc As described in Gerrard's report 1, there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of qfq,...