RHSA-2026:3110
Vulnerability from csaf_redhat - Published: 2026-02-23 17:45 - Updated: 2026-02-25 16:11Summary
Red Hat Security Advisory: kernel-rt security update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: page_pool: Fix use-after-free in page_pool_recycle_in_ring (CVE-2025-38129)
* kernel: Linux kernel:A use-after-free in bridge multicast in br_multicast_port_ctx_init (CVE-2025-38248)
* kernel: smc: Fix use-after-free in __pnet_find_base_ndev() (CVE-2025-40064)
* kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800)
* kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation (CVE-2026-23074)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: page_pool: Fix use-after-free in page_pool_recycle_in_ring (CVE-2025-38129)\n\n* kernel: Linux kernel:A use-after-free in bridge multicast in br_multicast_port_ctx_init (CVE-2025-38248)\n\n* kernel: smc: Fix use-after-free in __pnet_find_base_ndev() (CVE-2025-40064)\n\n* kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800)\n\n* kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation (CVE-2026-23074)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3110",
"url": "https://access.redhat.com/errata/RHSA-2026:3110"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2376034",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376034"
},
{
"category": "external",
"summary": "2378981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378981"
},
{
"category": "external",
"summary": "2406747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406747"
},
{
"category": "external",
"summary": "2429065",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429065"
},
{
"category": "external",
"summary": "2436791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436791"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3110.json"
}
],
"title": "Red Hat Security Advisory: kernel-rt security update",
"tracking": {
"current_release_date": "2026-02-25T16:11:32+00:00",
"generator": {
"date": "2026-02-25T16:11:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:3110",
"initial_release_date": "2026-02-23T17:45:43+00:00",
"revision_history": [
{
"date": "2026-02-23T17:45:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-23T17:45:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-25T16:11:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux NFV (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::nfv"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux RT (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::realtime"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"product": {
"name": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"product_id": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@4.18.0-553.107.1.rt7.448.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-core@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-core@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-kvm@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules-extra@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src"
},
"product_reference": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src"
},
"product_reference": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38129",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-07-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2376034"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npage_pool: Fix use-after-free in page_pool_recycle_in_ring\n\nsyzbot reported a uaf in page_pool_recycle_in_ring:\n\nBUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\nRead of size 8 at addr ffff8880286045a0 by task syz.0.284/6943\n\nCPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:489\n kasan_report+0x143/0x180 mm/kasan/report.c:602\n lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline]\n _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n ptr_ring_produce_bh include/linux/ptr_ring.h:164 [inline]\n page_pool_recycle_in_ring net/core/page_pool.c:707 [inline]\n page_pool_put_unrefed_netmem+0x748/0xb00 net/core/page_pool.c:826\n page_pool_put_netmem include/net/page_pool/helpers.h:323 [inline]\n page_pool_put_full_netmem include/net/page_pool/helpers.h:353 [inline]\n napi_pp_put_page+0x149/0x2b0 net/core/skbuff.c:1036\n skb_pp_recycle net/core/skbuff.c:1047 [inline]\n skb_free_head net/core/skbuff.c:1094 [inline]\n skb_release_data+0x6c4/0x8a0 net/core/skbuff.c:1125\n skb_release_all net/core/skbuff.c:1190 [inline]\n __kfree_skb net/core/skbuff.c:1204 [inline]\n sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242\n kfree_skb_reason include/linux/skbuff.h:1263 [inline]\n __skb_queue_purge_reason include/linux/skbuff.h:3343 [inline]\n\nroot cause is:\n\npage_pool_recycle_in_ring\n ptr_ring_produce\n spin_lock(\u0026r-\u003eproducer_lock);\n WRITE_ONCE(r-\u003equeue[r-\u003eproducer++], ptr)\n //recycle last page to pool\n\t\t\t\tpage_pool_release\n\t\t\t\t page_pool_scrub\n\t\t\t\t page_pool_empty_ring\n\t\t\t\t ptr_ring_consume\n\t\t\t\t page_pool_return_page //release all page\n\t\t\t\t __page_pool_destroy\n\t\t\t\t free_percpu(pool-\u003erecycle_stats);\n\t\t\t\t free(pool) //free\n\n spin_unlock(\u0026r-\u003eproducer_lock); //pool-\u003ering uaf read\n recycle_stat_inc(pool, ring);\n\npage_pool can be free while page pool recycle the last page in ring.\nAdd producer-lock barrier to page_pool_release to prevent the page\npool from being free before all pages have been recycled.\n\nrecycle_stat_inc() is empty when CONFIG_PAGE_POOL_STATS is not\nenabled, which will trigger Wempty-body build warning. Add definition\nfor pool stat macro to fix warning.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38129"
},
{
"category": "external",
"summary": "RHBZ#2376034",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376034"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38129",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38129"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025070330-CVE-2025-38129-3c0e@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025070330-CVE-2025-38129-3c0e@gregkh/T"
}
],
"release_date": "2025-07-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:45:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3110"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution"
},
{
"cve": "CVE-2025-38248",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-07-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378981"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: mcast: Fix use-after-free during router port configuration\n\nThe bridge maintains a global list of ports behind which a multicast\nrouter resides. The list is consulted during forwarding to ensure\nmulticast packets are forwarded to these ports even if the ports are not\nmember in the matching MDB entry.\n\nWhen per-VLAN multicast snooping is enabled, the per-port multicast\ncontext is disabled on each port and the port is removed from the global\nrouter port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 1\n $ bridge -d mdb show | grep router\n\nHowever, the port can be re-added to the global list even when per-VLAN\nmulticast snooping is enabled:\n\n # ip link set dev dummy1 type bridge_slave mcast_router 0\n # ip link set dev dummy1 type bridge_slave mcast_router 2\n $ bridge -d mdb show | grep router\n router ports on br1: dummy1\n\nSince commit 4b30ae9adb04 (\"net: bridge: mcast: re-implement\nbr_multicast_{enable, disable}_port functions\"), when per-VLAN multicast\nsnooping is enabled, multicast disablement on a port will disable the\nper-{port, VLAN} multicast contexts and not the per-port one. As a\nresult, a port will remain in the global router port list even after it\nis deleted. This will lead to a use-after-free [1] when the list is\ntraversed (when adding a new port to the list, for example):\n\n # ip link del dev dummy1\n # ip link add name dummy2 up master br1 type dummy\n # ip link set dev dummy2 type bridge_slave mcast_router 2\n\nSimilarly, stale entries can also be found in the per-VLAN router port\nlist. When per-VLAN multicast snooping is disabled, the per-{port, VLAN}\ncontexts are disabled on each port and the port is removed from the\nper-VLAN router port list:\n\n # ip link add name br1 up type bridge vlan_filtering 1 mcast_snooping 1 mcast_vlan_snooping 1\n # ip link add name dummy1 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy1\n # bridge vlan global set vid 2 dev br1 mcast_snooping 1\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n router ports: dummy1\n # ip link set dev br1 type bridge mcast_vlan_snooping 0\n $ bridge vlan global show dev br1 vid 2 | grep router\n\nHowever, the port can be re-added to the per-VLAN list even when\nper-VLAN multicast snooping is disabled:\n\n # bridge vlan set vid 2 dev dummy1 mcast_router 0\n # bridge vlan set vid 2 dev dummy1 mcast_router 2\n $ bridge vlan global show dev br1 vid 2 | grep router\n router ports: dummy1\n\nWhen the VLAN is deleted from the port, the per-{port, VLAN} multicast\ncontext will not be disabled since multicast snooping is not enabled\non the VLAN. As a result, the port will remain in the per-VLAN router\nport list even after it is no longer member in the VLAN. This will lead\nto a use-after-free [2] when the list is traversed (when adding a new\nport to the list, for example):\n\n # ip link add name dummy2 up master br1 type dummy\n # bridge vlan add vid 2 dev dummy2\n # bridge vlan del vid 2 dev dummy1\n # bridge vlan set vid 2 dev dummy2 mcast_router 2\n\nFix these issues by removing the port from the relevant (global or\nper-VLAN) router port list in br_multicast_port_ctx_deinit(). The\nfunction is invoked during port deletion with the per-port multicast\ncontext and during VLAN deletion with the per-{port, VLAN} multicast\ncontext.\n\nNote that deleting the multicast router timer is not enough as it only\ntakes care of the temporary multicast router states (1 or 3) and not the\npermanent one (2).\n\n[1]\nBUG: KASAN: slab-out-of-bounds in br_multicast_add_router.part.0+0x3f1/0x560\nWrite of size 8 at addr ffff888004a67328 by task ip/384\n[...]\nCall Trace:\n \u003cTASK\u003e\n dump_stack\n---truncated---",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel:A use-after-free in bridge multicast in br_multicast_port_ctx_init",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38248"
},
{
"category": "external",
"summary": "RHBZ#2378981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378981"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38248"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38248",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38248"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025070934-CVE-2025-38248-003c@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025070934-CVE-2025-38248-003c@gregkh/T"
}
],
"release_date": "2025-07-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:45:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3110"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Linux kernel:A use-after-free in bridge multicast in br_multicast_port_ctx_init"
},
{
"cve": "CVE-2025-40064",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-10-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406747"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix use-after-free in __pnet_find_base_ndev().\n\nsyzbot reported use-after-free of net_device in __pnet_find_base_ndev(),\nwhich was called during connect(). [0]\n\nsmc_pnet_find_ism_resource() fetches sk_dst_get(sk)-\u003edev and passes\ndown to pnet_find_base_ndev(), where RTNL is held. Then, UAF happened\nat __pnet_find_base_ndev() when the dev is first used.\n\nThis means dev had already been freed before acquiring RTNL in\npnet_find_base_ndev().\n\nWhile dev is going away, dst-\u003edev could be swapped with blackhole_netdev,\nand the dev\u0027s refcnt by dst will be released.\n\nWe must hold dev\u0027s refcnt before calling smc_pnet_find_ism_resource().\n\nAlso, smc_pnet_find_roce_resource() has the same problem.\n\nLet\u0027s use __sk_dst_get() and dst_dev_rcu() in the two functions.\n\n[0]:\nBUG: KASAN: use-after-free in __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926\nRead of size 1 at addr ffff888036bac33a by task syz.0.3632/18609\n\nCPU: 1 UID: 0 PID: 18609 Comm: syz.0.3632 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926\n pnet_find_base_ndev net/smc/smc_pnet.c:946 [inline]\n smc_pnet_find_ism_by_pnetid net/smc/smc_pnet.c:1103 [inline]\n smc_pnet_find_ism_resource+0xef/0x390 net/smc/smc_pnet.c:1154\n smc_find_ism_device net/smc/af_smc.c:1030 [inline]\n smc_find_proposal_devices net/smc/af_smc.c:1115 [inline]\n __smc_connect+0x372/0x1890 net/smc/af_smc.c:1545\n smc_connect+0x877/0xd90 net/smc/af_smc.c:1715\n __sys_connect_file net/socket.c:2086 [inline]\n __sys_connect+0x313/0x440 net/socket.c:2105\n __do_sys_connect net/socket.c:2111 [inline]\n __se_sys_connect net/socket.c:2108 [inline]\n __x64_sys_connect+0x7a/0x90 net/socket.c:2108\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f47cbf8eba9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f47ccdb1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 00007f47cc1d5fa0 RCX: 00007f47cbf8eba9\nRDX: 0000000000000010 RSI: 0000200000000280 RDI: 000000000000000b\nRBP: 00007f47cc011e19 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007f47cc1d6038 R14: 00007f47cc1d5fa0 R15: 00007ffc512f8aa8\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888036bacd00 pfn:0x36bac\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000000000 ffffea0001243d08 ffff8880b863fdc0 0000000000000000\nraw: ffff888036bacd00 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 2, migratetype Unmovable, gfp_mask 0x446dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP), pid 16741, tgid 16741 (syz-executor), ts 343313197788, free_ts 380670750466\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x240/0x2a0 mm/page_alloc.c:1851\n prep_new_page mm/page_alloc.c:1859 [inline]\n get_page_from_freelist+0x21e4/0x22c0 mm/page_alloc.c:3858\n __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5148\n alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2416\n ___kmalloc_large_node+0x5f/0x1b0 mm/slub.c:4317\n __kmalloc_large_node_noprof+0x18/0x90 mm/slub.c:4348\n __do_kmalloc_node mm/slub.c:4364 [inline]\n __kvmalloc_node\n---truncated---",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: smc: Fix use-after-free in __pnet_find_base_ndev()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40064"
},
{
"category": "external",
"summary": "RHBZ#2406747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406747"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40064",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40064"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40064",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40064"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025102817-CVE-2025-40064-0c16@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025102817-CVE-2025-40064-0c16@gregkh/T"
}
],
"release_date": "2025-10-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:45:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3110"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: smc: Fix use-after-free in __pnet_find_base_ndev()"
},
{
"cve": "CVE-2025-68800",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-01-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429065"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats\n\nCited commit added a dedicated mutex (instead of RTNL) to protect the\nmulticast route list, so that it will not change while the driver\nperiodically traverses it in order to update the kernel about multicast\nroute stats that were queried from the device.\n\nOne instance of list entry deletion (during route replace) was missed\nand it can result in a use-after-free [1].\n\nFix by acquiring the mutex before deleting the entry from the list and\nreleasing it afterwards.\n\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_mr_stats_update+0x4a5/0x540 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c:1006 [mlxsw_spectrum]\nRead of size 8 at addr ffff8881523c2fa8 by task kworker/2:5/22043\n\nCPU: 2 UID: 0 PID: 22043 Comm: kworker/2:5 Not tainted 6.18.0-rc1-custom-g1a3d6d7cd014 #1 PREEMPT(full)\nHardware name: Mellanox Technologies Ltd. MSN2010/SA002610, BIOS 5.6.5 08/24/2017\nWorkqueue: mlxsw_core mlxsw_sp_mr_stats_update [mlxsw_spectrum]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xba/0x110\n print_report+0x174/0x4f5\n kasan_report+0xdf/0x110\n mlxsw_sp_mr_stats_update+0x4a5/0x540 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c:1006 [mlxsw_spectrum]\n process_one_work+0x9cc/0x18e0\n worker_thread+0x5df/0xe40\n kthread+0x3b8/0x730\n ret_from_fork+0x3e9/0x560\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 29933:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n mlxsw_sp_mr_route_add+0xd8/0x4770 [mlxsw_spectrum]\n mlxsw_sp_router_fibmr_event_work+0x371/0xad0 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:7965 [mlxsw_spectrum]\n process_one_work+0x9cc/0x18e0\n worker_thread+0x5df/0xe40\n kthread+0x3b8/0x730\n ret_from_fork+0x3e9/0x560\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 29933:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_save_free_info+0x3b/0x70\n __kasan_slab_free+0x43/0x70\n kfree+0x14e/0x700\n mlxsw_sp_mr_route_add+0x2dea/0x4770 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c:444 [mlxsw_spectrum]\n mlxsw_sp_router_fibmr_event_work+0x371/0xad0 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:7965 [mlxsw_spectrum]\n process_one_work+0x9cc/0x18e0\n worker_thread+0x5df/0xe40\n kthread+0x3b8/0x730\n ret_from_fork+0x3e9/0x560\n ret_from_fork_asm+0x1a/0x30",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A use-after-free exists in mlxsw_spectrum multicast routing when a route entry is deleted from the multicast route list without holding route_list_lock, while the periodic stats worker traverses the same list. A privileged attacker who can manipulate multicast routes on a host using mlxsw Spectrum hardware can trigger the race to crash the kernel and potentially corrupt memory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68800"
},
{
"category": "external",
"summary": "RHBZ#2429065",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429065"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68800",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68800"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68800",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68800"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2026011307-CVE-2025-68800-39d2@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2026011307-CVE-2025-68800-39d2@gregkh/T"
}
],
"release_date": "2026-01-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:45:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3110"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats"
},
{
"cve": "CVE-2026-23074",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-02-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436791"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u0027s networking component. A local attacker with low privileges could exploit a design issue in the teql queueing discipline, which is responsible for managing network traffic. By sending specially crafted network packets, an attacker could trigger a use-after-free (UAF) vulnerability, which is a type of memory corruption. This could lead to a system crash, or potentially allow the attacker to execute unauthorized code or gain elevated system access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23074"
},
{
"category": "external",
"summary": "RHBZ#2436791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23074"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2026020419-CVE-2026-23074-6bb8@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2026020419-CVE-2026-23074-6bb8@gregkh/T"
}
],
"release_date": "2026-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:45:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3110"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…