rhsa-2025:16540
Vulnerability from csaf_redhat
Published
2025-09-24 00:31
Modified
2025-09-25 18:34
Summary
Red Hat Security Advisory: kpatch-patch-5_14_0-427_31_1, kpatch-patch-5_14_0-427_44_1, kpatch-patch-5_14_0-427_55_1, kpatch-patch-5_14_0-427_68_2, and kpatch-patch-5_14_0-427_84_1 security update
Notes
Topic
An update for multiple packages is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module is targeted for kernel-5.14.0-427.44.1.el9_4.
Security Fix(es):
* kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CVE-2025-37890)
* kernel: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (CVE-2025-38001)
* kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (CVE-2025-38000)
* kernel: net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)
* kernel: i2c/designware: Fix an initialization issue (CVE-2025-38380)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for multiple packages is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module is targeted for kernel-5.14.0-427.44.1.el9_4.\n\nSecurity Fix(es):\n\n* kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CVE-2025-37890)\n\n* kernel: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (CVE-2025-38001)\n\n* kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (CVE-2025-38000)\n\n* kernel: net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)\n\n* kernel: i2c/designware: Fix an initialization issue (CVE-2025-38380)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16540",
"url": "https://access.redhat.com/errata/RHSA-2025:16540"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2366848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366848"
},
{
"category": "external",
"summary": "2370776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370776"
},
{
"category": "external",
"summary": "2370786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370786"
},
{
"category": "external",
"summary": "2382054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382054"
},
{
"category": "external",
"summary": "2383381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383381"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16540.json"
}
],
"title": "Red Hat Security Advisory: kpatch-patch-5_14_0-427_31_1, kpatch-patch-5_14_0-427_44_1, kpatch-patch-5_14_0-427_55_1, kpatch-patch-5_14_0-427_68_2, and kpatch-patch-5_14_0-427_84_1 security update",
"tracking": {
"current_release_date": "2025-09-25T18:34:23+00:00",
"generator": {
"date": "2025-09-25T18:34:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHSA-2025:16540",
"initial_release_date": "2025-09-24T00:31:03+00:00",
"revision_history": [
{
"date": "2025-09-24T00:31:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-24T00:31:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-25T18:34:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:9.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"product": {
"name": "kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"product_id": "kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_44_1@1-12.el9_4?arch=src"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"product": {
"name": "kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"product_id": "kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_84_1@1-2.el9_4?arch=src"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"product": {
"name": "kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"product_id": "kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_31_1@1-14.el9_4?arch=src"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"product": {
"name": "kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"product_id": "kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_68_2@1-7.el9_4?arch=src"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"product": {
"name": "kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"product_id": "kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_55_1@1-10.el9_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"product": {
"name": "kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"product_id": "kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_44_1@1-12.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"product": {
"name": "kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"product_id": "kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_44_1-debugsource@1-12.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"product": {
"name": "kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"product_id": "kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_44_1-debuginfo@1-12.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"product": {
"name": "kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"product_id": "kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_84_1@1-2.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"product": {
"name": "kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"product_id": "kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_84_1-debugsource@1-2.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"product": {
"name": "kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"product_id": "kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_84_1-debuginfo@1-2.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"product": {
"name": "kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"product_id": "kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_31_1@1-14.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"product": {
"name": "kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"product_id": "kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_31_1-debugsource@1-14.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"product": {
"name": "kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"product_id": "kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_31_1-debuginfo@1-14.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"product": {
"name": "kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"product_id": "kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_68_2@1-7.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"product": {
"name": "kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"product_id": "kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_68_2-debugsource@1-7.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"product": {
"name": "kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"product_id": "kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_68_2-debuginfo@1-7.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"product": {
"name": "kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"product_id": "kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_55_1@1-10.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"product": {
"name": "kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"product_id": "kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_55_1-debugsource@1-10.el9_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"product": {
"name": "kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"product_id": "kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_55_1-debuginfo@1-10.el9_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"product": {
"name": "kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"product_id": "kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_44_1@1-12.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"product": {
"name": "kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"product_id": "kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_44_1-debugsource@1-12.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"product": {
"name": "kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"product_id": "kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_44_1-debuginfo@1-12.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"product": {
"name": "kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"product_id": "kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_84_1@1-2.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64",
"product": {
"name": "kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64",
"product_id": "kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_84_1-debugsource@1-2.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"product": {
"name": "kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"product_id": "kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_84_1-debuginfo@1-2.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"product": {
"name": "kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"product_id": "kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_31_1@1-14.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"product": {
"name": "kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"product_id": "kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_31_1-debugsource@1-14.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"product": {
"name": "kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"product_id": "kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_31_1-debuginfo@1-14.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"product": {
"name": "kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"product_id": "kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_68_2@1-7.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"product": {
"name": "kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"product_id": "kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_68_2-debugsource@1-7.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"product": {
"name": "kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"product_id": "kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_68_2-debuginfo@1-7.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"product": {
"name": "kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"product_id": "kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_55_1@1-10.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"product": {
"name": "kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"product_id": "kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_55_1-debugsource@1-10.el9_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"product": {
"name": "kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"product_id": "kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kpatch-patch-5_14_0-427_55_1-debuginfo@1-10.el9_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le"
},
"product_reference": "kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src"
},
"product_reference": "kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64"
},
"product_reference": "kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le"
},
"product_reference": "kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64"
},
"product_reference": "kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le"
},
"product_reference": "kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64"
},
"product_reference": "kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le"
},
"product_reference": "kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src"
},
"product_reference": "kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64"
},
"product_reference": "kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le"
},
"product_reference": "kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64"
},
"product_reference": "kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le"
},
"product_reference": "kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64"
},
"product_reference": "kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le"
},
"product_reference": "kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src"
},
"product_reference": "kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64"
},
"product_reference": "kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le"
},
"product_reference": "kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64"
},
"product_reference": "kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le"
},
"product_reference": "kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64"
},
"product_reference": "kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le"
},
"product_reference": "kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src"
},
"product_reference": "kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64"
},
"product_reference": "kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le"
},
"product_reference": "kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64"
},
"product_reference": "kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le"
},
"product_reference": "kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64"
},
"product_reference": "kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le"
},
"product_reference": "kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src"
},
"product_reference": "kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64"
},
"product_reference": "kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le"
},
"product_reference": "kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64"
},
"product_reference": "kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le"
},
"product_reference": "kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64"
},
"product_reference": "kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-37890",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-05-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2366848"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability has been identified in the Linux kernel\u0027s HFSC (Hierarchical Fair Service Curve) queuing discipline when it is configured with NETEM (Network Emulation) as a child. This flaw can lead to a kernel panic or crash due to incorrect assumptions about the queue state.\n\nExploitation of this vulnerability requires local access with CAP_NET_ADMIN privileges and control over the qdisc (queueing discipline) setup. A local attacker could leverage this flaw to achieve denial of service or escalate privileges. Given that it affects kernel memory structures, successful exploitation could result in memory corruption, data leaks, or arbitrary write capabilities, leading to a full kernel crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "On Red Hat Enterprise Linux 8 and later releases, regular (non-root) users can exploit this issue by abusing unprivileged user namespaces. Red Hat Enterprise Linux 6 and 7 are not affected by this CVE because they did not include the upstream commit that introduced the CVE (37d9cf1).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-37890"
},
{
"category": "external",
"summary": "RHBZ#2366848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2366848"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-37890",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37890"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025051617-CVE-2025-37890-437b@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025051617-CVE-2025-37890-437b@gregkh/T"
}
],
"release_date": "2025-05-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-24T00:31:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16540"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent module sch_hfsc from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
"product_ids": [
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc"
},
{
"cve": "CVE-2025-38000",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-06-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370786"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the HFSC queueing discipline implementation in the Linux kernel. When a packet is enqueued and the child qdisc\u0027s peek() function is called before properly updating the HFSC queue\u0027s length and backlog counters, a race condition can occur. In some cases, the peek operation may trigger an immediate dequeue and drop, leading to inconsistent queue accounting. This may leave an empty HFSC class in the active list, eventually causing use-after-free (UAF) conditions. Due to the nature of this memory corruption (use-after-free or list corruption) in kernel scheduler code, a successful exploit could lead to privilege escalation, data leakage, or denial of service. Therefore, the CIA impact is assessed as HHH to reflect a worst-case.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "On Red Hat Enterprise Linux 8 and later releases, regular (non-root) users can exploit this issue by abusing unprivileged user namespaces. On Red Hat Enterprise Linux 7, unprivileged user namespaces are disabled by default. Red Hat Enterprise Linux 6 did not include support for them at all, meaning that root privileges are necessary to trigger this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38000"
},
{
"category": "external",
"summary": "RHBZ#2370786",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370786"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38000",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38000"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025060639-CVE-2025-38000-f5a4@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025060639-CVE-2025-38000-f5a4@gregkh/T"
}
],
"release_date": "2025-06-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-24T00:31:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16540"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent module sch_hfsc from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
"product_ids": [
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()"
},
{
"cve": "CVE-2025-38001",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-06-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370776"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free (UAF) vulnerability, which also presents a potential infinite loop condition, has been resolved in the Linux kernel. This flaw affects the HFSC (Hierarchical Fair Service Curve) queuing discipline when it is used in conjunction with NETEM (Network Emulation).\n\nA malicious user could exploit this by repeatedly inserting a class into the eltree due to insufficient validation in prior logic, effectively bypassing the protection provided by the HFSC_RSC flag. Successful exploitation could lead to memory corruption, an infinite loop, or a system crash, severely impacting network availability and system stability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "On Red Hat Enterprise Linux 8 and later releases, regular (non-root) users can exploit this issue by abusing unprivileged user namespaces. Red Hat Enterprise Linux 6 and 7 are not affected by this CVE because they did not include the upstream commit that introduced the CVE (37d9cf1).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38001"
},
{
"category": "external",
"summary": "RHBZ#2370776",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370776"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38001",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38001"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025060650-CVE-2025-38001-f921@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025060650-CVE-2025-38001-f921@gregkh/T"
}
],
"release_date": "2025-06-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-24T00:31:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16540"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent module sch_hfsc from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
"product_ids": [
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice"
},
{
"cve": "CVE-2025-38350",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2382054"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free (UAF) vulnerability was found in the Linux kernel\u0027s net/sched subsystem, specifically in the Credit-Based Shaper (CBS) qdisc implementation (sch_cbs). The vulnerability occurs because the CBS qdisc\u0027s reset function (qdisc_reset_queue()) only resets its internal queue but fails to reset its child qdisc recursively. As a result, a mismatch in queue length (qlen) occurs between CBS and its children during interface resets, eventually allowing attackers to trigger UAF on a parent HFSC scheduler.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: net/sched: Always pass notifications when child class becomes empty",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "On Red Hat Enterprise Linux 8 and later releases, regular (non-root) users can exploit this issue by abusing unprivileged user namespaces. On Red Hat Enterprise Linux 7, unprivileged user namespaces are disabled by default. Red Hat Enterprise Linux 6 did not include support for them at all, meaning that root privileges are necessary to trigger this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38350"
},
{
"category": "external",
"summary": "RHBZ#2382054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2382054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38350",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38350"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38350",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38350"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025071933-CVE-2025-38350-262a@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025071933-CVE-2025-38350-262a@gregkh/T"
}
],
"release_date": "2025-07-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-24T00:31:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16540"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent the sch_cbs module from being loaded. Please see https://access.redhat.com/solutions/41278 for how information on how to blacklist a kernel module to prevent it from loading automatically.",
"product_ids": [
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: net/sched: Always pass notifications when child class becomes empty"
},
{
"cve": "CVE-2025-38380",
"cwe": {
"id": "CWE-908",
"name": "Use of Uninitialized Resource"
},
"discovery_date": "2025-07-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2383381"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: i2c/designware: Fix an initialization issue",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability exists in the driver for certain hardware which supports the I2C protocol. This hardware is often used to interface with low-speed peripherals such as human interface devices. By exploiting a flaw in how the hardware handles certain messages, an attacker could craft malicious messages to cause a system crash or to modify or expose sensitive memory locations.\nThis vulnerability has a security impact of Important because of its impact on system Confidentiality, Integrity, and Availability, and the fact that only local privileges are required (PR:L).\nThis vulnerability exists in Red Hat Enterprise Linux 8 and later in the i2c-designware-core module.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38380"
},
{
"category": "external",
"summary": "RHBZ#2383381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38380",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38380"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38380",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38380"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025072505-CVE-2025-38380-d1a9@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025072505-CVE-2025-38380-d1a9@gregkh/T"
}
],
"release_date": "2025-07-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-24T00:31:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16540"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent the i2c-designware-core module from being loaded. Please see https://access.redhat.com/solutions/41278 for details on how to prevent a kernel module from loading automatically.",
"product_ids": [
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debuginfo-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_31_1-debugsource-0:1-14.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debuginfo-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_44_1-debugsource-0:1-12.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debuginfo-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_55_1-debugsource-0:1-10.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debuginfo-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_68_2-debugsource-0:1-7.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.src",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debuginfo-0:1-2.el9_4.x86_64",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.ppc64le",
"BaseOS-9.4.0.Z.EUS:kpatch-patch-5_14_0-427_84_1-debugsource-0:1-2.el9_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: i2c/designware: Fix an initialization issue"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…