vulnerability
Oracle Linux: CVE-2025-47907: ELSA-2025-20909: podman security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:N/C:C/I:P/A:P) | Aug 7, 2025 | Nov 28, 2025 | Dec 5, 2025 |
Severity
8
CVSS
(AV:N/AC:M/Au:N/C:C/I:P/A:P)
Published
Aug 7, 2025
Added
Nov 28, 2025
Modified
Dec 5, 2025
Description
Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.
A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.
A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.
Solutions
oracle-linux-upgrade-podmanoracle-linux-upgrade-podman-dockeroracle-linux-upgrade-podman-pluginsoracle-linux-upgrade-podman-remoteoracle-linux-upgrade-podman-tests
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.