CVE-2025-38292 Affecting python3-perf package, versions <0:5.14.0-570.33.2.0.1.el9_6


Severity

Recommended
medium

Based on Oracle Linux security rating.

Threat Intelligence

EPSS
0.02% (5th percentile)

  • Snyk ID: SNYK-ORACLE9-PYTHON3PERF-11808429
  • Published: 14 Aug 2025
  • Disclosed: 10 Jul 2025

Introduced: 10 Jul 2025

CVE-2025-38292

How to fix?

Upgrade Oracle:9 python3-perf to version 0:5.14.0-570.33.2.0.1.el9_6 or higher.
This issue was patched in ELSA-2025-13602.

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3-perf package and not the python3-perf package as distributed by Oracle. See How to fix? for Oracle:9 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: fix invalid access to memory

In ath12k_dp_rx_msdu_coalesce(), rxcb is fetched from skb and boolean is_continuation is part of rxcb. Currently, after freeing the skb, rxcb->is_continuation is accessed again, which is wrong since the memory is already freed. This might lead to a use-after-free error.

Hence, fix by locally defining bool is_continuation from rxcb, so that after freeing skb, is_continuation can be used.

Compile tested only.
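
The ordering problem in the description above, as an added user-space model; this is not the ath12k driver code or the upstream patch. The names `model_skb`, `model_rxcb`, `model_free` and `coalesce` are hypothetical, and the free is modelled by zeroing a slot in a static pool so that the stale read is deterministic instead of undefined.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for an skb and the rxcb stored inside it. */
struct model_rxcb { bool is_continuation; };
struct model_skb  { struct model_rxcb cb; };

#define NFRAGS 4
static struct model_skb pool[NFRAGS];

/* Constructed input: three continuation fragments, then the last one. */
static void pool_fill(void)
{
    for (int i = 0; i < NFRAGS; i++)
        pool[i].cb.is_continuation = (i + 1 < NFRAGS);
}

/* Models the free: the slot stays in the static pool and is zeroed, so a
 * stale read is visible. With a real allocator it is a use-after-free. */
static void model_free(struct model_skb *skb)
{
    memset(skb, 0, sizeof(*skb));
}

/* Frees fragments up to and including the last one; returns the count.
 * read_after_free selects the buggy order instead of the fixed order. */
static int coalesce(bool read_after_free)
{
    int consumed = 0;
    pool_fill();
    for (int i = 0; i < NFRAGS; i++) {
        struct model_rxcb *rxcb = &pool[i].cb;
        bool is_continuation = rxcb->is_continuation; /* fix: local copy */
        model_free(&pool[i]);
        consumed++;
        if (read_after_free)
            is_continuation = rxcb->is_continuation;  /* bug: stale read */
        if (!is_continuation)
            break;
    }
    return consumed;
}

int main(void)
{
    printf("stale read: %d of %d\n", coalesce(true), NFRAGS);
    printf("local copy: %d of %d\n", coalesce(false), NFRAGS);
}
```

In this model the stale read stops after the first fragment because the zeroed flag reads as false; in a kernel the value read from freed memory is whatever the allocator or the next owner left there.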

CVSS Base Scores

version 3.1