RHSA-2026:3358
Vulnerability from csaf_redhat - Published: 2026-02-25 14:18 - Updated: 2026-02-25 16:11Summary
Red Hat Security Advisory: kernel-rt security update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: Linux kernel: xHCI driver isochronous event handling race condition leading to data loss or UAF (CVE-2025-37882)
* kernel: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (CVE-2025-37861)
* kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation (CVE-2025-38415)
* kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing (CVE-2025-39760)
* kernel: Linux kernel: Out-of-bounds write in VXLAN due to incorrect nexthop hash size leading to denial of service (CVE-2023-53192)
* kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length (CVE-2025-39933)
* kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service. (CVE-2025-40271)
* kernel: Linux kernel Bluetooth: Denial of Service due to use-after-free in connection handling (CVE-2023-53762)
* kernel: Linux kernel ALSA USB audio driver: Buffer overflow leading to information disclosure and denial of service (CVE-2025-40269)
* kernel: ip6_vti: fix slab-use-after-free in decode_session6 (CVE-2023-53821)
* kernel: ext4: fix use-after-free in ext4_orphan_cleanup (CVE-2022-50673)
* kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: Linux kernel: xHCI driver isochronous event handling race condition leading to data loss or UAF (CVE-2025-37882)\n\n* kernel: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (CVE-2025-37861)\n\n* kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation (CVE-2025-38415)\n\n* kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing (CVE-2025-39760)\n\n* kernel: Linux kernel: Out-of-bounds write in VXLAN due to incorrect nexthop hash size leading to denial of service (CVE-2023-53192)\n\n* kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length (CVE-2025-39933)\n\n* kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service. (CVE-2025-40271)\n\n* kernel: Linux kernel Bluetooth: Denial of Service due to use-after-free in connection handling (CVE-2023-53762)\n\n* kernel: Linux kernel ALSA USB audio driver: Buffer overflow leading to information disclosure and denial of service (CVE-2025-40269)\n\n* kernel: ip6_vti: fix slab-use-after-free in decode_session6 (CVE-2023-53821)\n\n* kernel: ext4: fix use-after-free in ext4_orphan_cleanup (CVE-2022-50673)\n\n* kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3358",
"url": "https://access.redhat.com/errata/RHSA-2026:3358"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2365250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365250"
},
{
"category": "external",
"summary": "2365256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365256"
},
{
"category": "external",
"summary": "2383404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383404"
},
{
"category": "external",
"summary": "2394601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394601"
},
{
"category": "external",
"summary": "2395232",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395232"
},
{
"category": "external",
"summary": "2401432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401432"
},
{
"category": "external",
"summary": "2419837",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419837"
},
{
"category": "external",
"summary": "2419838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419838"
},
{
"category": "external",
"summary": "2419919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419919"
},
{
"category": "external",
"summary": "2420329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420329"
},
{
"category": "external",
"summary": "2420347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420347"
},
{
"category": "external",
"summary": "2424880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424880"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3358.json"
}
],
"title": "Red Hat Security Advisory: kernel-rt security update",
"tracking": {
"current_release_date": "2026-02-25T16:11:15+00:00",
"generator": {
"date": "2026-02-25T16:11:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:3358",
"initial_release_date": "2026-02-25T14:18:41+00:00",
"revision_history": [
{
"date": "2026-02-25T14:18:41+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-25T14:18:41+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-25T16:11:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::realtime"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::nfv"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"product": {
"name": "kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"product_id": "kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@5.14.0-284.158.1.rt14.443.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product": {
"name": "kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_id": "kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@5.14.0-284.158.1.rt14.443.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product": {
"name": "kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_id": "kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-core@5.14.0-284.158.1.rt14.443.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_id": "kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@5.14.0-284.158.1.rt14.443.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_id": "kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-core@5.14.0-284.158.1.rt14.443.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_id": "kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@5.14.0-284.158.1.rt14.443.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_id": "kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules@5.14.0-284.158.1.rt14.443.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_id": "kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules-core@5.14.0-284.158.1.rt14.443.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_id": "kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@5.14.0-284.158.1.rt14.443.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product": {
"name": "kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_id": "kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@5.14.0-284.158.1.rt14.443.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product": {
"name": "kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_id": "kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules@5.14.0-284.158.1.rt14.443.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product": {
"name": "kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_id": "kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules-core@5.14.0-284.158.1.rt14.443.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product": {
"name": "kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_id": "kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules-extra@5.14.0-284.158.1.rt14.443.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_id": "kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@5.14.0-284.158.1.rt14.443.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product": {
"name": "kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_id": "kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@5.14.0-284.158.1.rt14.443.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@5.14.0-284.158.1.rt14.443.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_id": "kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@5.14.0-284.158.1.rt14.443.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product": {
"name": "kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_id": "kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-kvm@5.14.0-284.158.1.rt14.443.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src"
},
"product_reference": "kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src"
},
"product_reference": "kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
},
"product_reference": "kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-50673",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2420347"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the ext4 filesystem\u0027s orphan inode cleanup routine in the Linux kernel. When ext4_inode_attach_jinode() fails with -ENOMEM during orphan cleanup at mount time, the error is not properly propagated. The inode is freed via iput(), but the orphan list still references the same inode number. On the next loop iteration, the freed inode structure is reused, triggering a use-after-free when adding it to the orphan list.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: ext4: fix use-after-free in ext4_orphan_cleanup",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during ext4 filesystem mount when memory allocation fails at a specific point in orphan inode processing. Exploitation requires local access to mount ext4 filesystems and the ability to induce memory pressure during the mount operation, making practical exploitation difficult.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-50673"
},
{
"category": "external",
"summary": "RHBZ#2420347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420347"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-50673",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-50673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50673"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025120947-CVE-2022-50673-f920@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025120947-CVE-2022-50673-f920@gregkh/T"
}
],
"release_date": "2025-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T14:18:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3358"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: ext4: fix use-after-free in ext4_orphan_cleanup"
},
{
"cve": "CVE-2023-53192",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395232"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvxlan: Fix nexthop hash size\n\nThe nexthop code expects a 31 bit hash, such as what is returned by\nfib_multipath_hash() and rt6_multipath_hash(). Passing the 32 bit hash\nreturned by skb_get_hash() can lead to problems related to the fact that\n\u0027int hash\u0027 is a negative number when the MSB is set.\n\nIn the case of hash threshold nexthop groups, nexthop_select_path_hthr()\nwill disproportionately select the first nexthop group entry. In the case\nof resilient nexthop groups, nexthop_select_path_res() may do an out of\nbounds access in nh_buckets[], for example:\n hash = -912054133\n num_nh_buckets = 2\n bucket_index = 65535\n\nwhich leads to the following panic:\n\nBUG: unable to handle page fault for address: ffffc900025910c8\nPGD 100000067 P4D 100000067 PUD 10026b067 PMD 0\nOops: 0002 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 4 PID: 856 Comm: kworker/4:3 Not tainted 6.5.0-rc2+ #34\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014\nWorkqueue: ipv6_addrconf addrconf_dad_work\nRIP: 0010:nexthop_select_path+0x197/0xbf0\nCode: c1 e4 05 be 08 00 00 00 4c 8b 35 a4 14 7e 01 4e 8d 6c 25 00 4a 8d 7c 25 08 48 01 dd e8 c2 25 15 ff 49 8d 7d 08 e8 39 13 15 ff \u003c4d\u003e 89 75 08 48 89 ef e8 7d 12 15 ff 48 8b 5d 00 e8 14 55 2f 00 85\nRSP: 0018:ffff88810c36f260 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 00000000002000c0 RCX: ffffffffaf02dd77\nRDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffffc900025910c8\nRBP: ffffc900025910c0 R08: 0000000000000001 R09: fffff520004b2219\nR10: ffffc900025910cf R11: 31392d2068736168 R12: 00000000002000c0\nR13: ffffc900025910c0 R14: 00000000fffef608 R15: ffff88811840e900\nFS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffc900025910c8 CR3: 0000000129d00000 CR4: 0000000000750ee0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x1ee/0x5c0\n ? __pfx_is_prefetch.constprop.0+0x10/0x10\n ? __pfx_page_fault_oops+0x10/0x10\n ? search_bpf_extables+0xfe/0x1c0\n ? fixup_exception+0x3b/0x470\n ? exc_page_fault+0xf6/0x110\n ? asm_exc_page_fault+0x26/0x30\n ? nexthop_select_path+0x197/0xbf0\n ? nexthop_select_path+0x197/0xbf0\n ? lock_is_held_type+0xe7/0x140\n vxlan_xmit+0x5b2/0x2340\n ? __lock_acquire+0x92b/0x3370\n ? __pfx_vxlan_xmit+0x10/0x10\n ? __pfx___lock_acquire+0x10/0x10\n ? __pfx_register_lock_class+0x10/0x10\n ? skb_network_protocol+0xce/0x2d0\n ? dev_hard_start_xmit+0xca/0x350\n ? __pfx_vxlan_xmit+0x10/0x10\n dev_hard_start_xmit+0xca/0x350\n __dev_queue_xmit+0x513/0x1e20\n ? __pfx___dev_queue_xmit+0x10/0x10\n ? __pfx_lock_release+0x10/0x10\n ? mark_held_locks+0x44/0x90\n ? skb_push+0x4c/0x80\n ? eth_header+0x81/0xe0\n ? __pfx_eth_header+0x10/0x10\n ? neigh_resolve_output+0x215/0x310\n ? ip6_finish_output2+0x2ba/0xc90\n ip6_finish_output2+0x2ba/0xc90\n ? lock_release+0x236/0x3e0\n ? ip6_mtu+0xbb/0x240\n ? __pfx_ip6_finish_output2+0x10/0x10\n ? find_held_lock+0x83/0xa0\n ? lock_is_held_type+0xe7/0x140\n ip6_finish_output+0x1ee/0x780\n ip6_output+0x138/0x460\n ? __pfx_ip6_output+0x10/0x10\n ? __pfx___lock_acquire+0x10/0x10\n ? __pfx_ip6_finish_output+0x10/0x10\n NF_HOOK.constprop.0+0xc0/0x420\n ? __pfx_NF_HOOK.constprop.0+0x10/0x10\n ? ndisc_send_skb+0x2c0/0x960\n ? __pfx_lock_release+0x10/0x10\n ? __local_bh_enable_ip+0x93/0x110\n ? lock_is_held_type+0xe7/0x140\n ndisc_send_skb+0x4be/0x960\n ? __pfx_ndisc_send_skb+0x10/0x10\n ? mark_held_locks+0x65/0x90\n ? find_held_lock+0x83/0xa0\n ndisc_send_ns+0xb0/0x110\n ? __pfx_ndisc_send_ns+0x10/0x10\n addrconf_dad_work+0x631/0x8e0\n ? lock_acquire+0x180/0x3f0\n ? __pfx_addrconf_dad_work+0x10/0x10\n ? mark_held_locks+0x24/0x90\n process_one_work+0x582/0x9c0\n ? __pfx_process_one_work+0x10/0x10\n ? __pfx_do_raw_spin_lock+0x10/0x10\n ? mark_held_locks+0x24/0x90\n worker_thread+0x93/0x630\n ? __kthread_parkme+0xdc/0x100\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x1a5/0x1e0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x60\n \n---truncated---",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: Out-of-bounds write in VXLAN due to incorrect nexthop hash size leading to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability requires elevated privileges (`CAP_NET_ADMIN`) to exploit, since it can only be triggered if the system is configured to accept and forward VXLAN packets.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-53192"
},
{
"category": "external",
"summary": "RHBZ#2395232",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395232"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-53192",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53192"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-53192",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53192"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091558-CVE-2023-53192-5ca6@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091558-CVE-2023-53192-5ca6@gregkh/T"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T14:18:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3358"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Linux kernel: Out-of-bounds write in VXLAN due to incorrect nexthop hash size leading to denial of service"
},
{
"cve": "CVE-2023-53762",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-12-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419838"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync\n\nUse-after-free can occur in hci_disconnect_all_sync if a connection is\ndeleted by concurrent processing of a controller event.\n\nTo prevent this the code now tries to iterate over the list backwards\nto ensure the links are cleanup before its parents, also it no longer\nrelies on a cursor, instead it always uses the last element since\nhci_abort_conn_sync is guaranteed to call hci_conn_del.\n\nUAF crash log:\n==================================================================\nBUG: KASAN: slab-use-after-free in hci_set_powered_sync\n(net/bluetooth/hci_sync.c:5424) [bluetooth]\nRead of size 8 at addr ffff888009d9c000 by task kworker/u9:0/124\n\nCPU: 0 PID: 124 Comm: kworker/u9:0 Tainted: G W\n6.5.0-rc1+ #10\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\n1.16.2-1.fc38 04/01/2014\nWorkqueue: hci0 hci_cmd_sync_work [bluetooth]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5b/0x90\n print_report+0xcf/0x670\n ? __virt_addr_valid+0xdd/0x160\n ? hci_set_powered_sync+0x2c9/0x4a0 [bluetooth]\n kasan_report+0xa6/0xe0\n ? hci_set_powered_sync+0x2c9/0x4a0 [bluetooth]\n ? __pfx_set_powered_sync+0x10/0x10 [bluetooth]\n hci_set_powered_sync+0x2c9/0x4a0 [bluetooth]\n ? __pfx_hci_set_powered_sync+0x10/0x10 [bluetooth]\n ? __pfx_lock_release+0x10/0x10\n ? __pfx_set_powered_sync+0x10/0x10 [bluetooth]\n hci_cmd_sync_work+0x137/0x220 [bluetooth]\n process_one_work+0x526/0x9d0\n ? __pfx_process_one_work+0x10/0x10\n ? __pfx_do_raw_spin_lock+0x10/0x10\n ? mark_held_locks+0x1a/0x90\n worker_thread+0x92/0x630\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x196/0x1e0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2c/0x50\n \u003c/TASK\u003e\n\nAllocated by task 1782:\n kasan_save_stack+0x33/0x60\n kasan_set_track+0x25/0x30\n __kasan_kmalloc+0x8f/0xa0\n hci_conn_add+0xa5/0xa80 [bluetooth]\n hci_bind_cis+0x881/0x9b0 [bluetooth]\n iso_connect_cis+0x121/0x520 [bluetooth]\n iso_sock_connect+0x3f6/0x790 [bluetooth]\n __sys_connect+0x109/0x130\n __x64_sys_connect+0x40/0x50\n do_syscall_64+0x60/0x90\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n\nFreed by task 695:\n kasan_save_stack+0x33/0x60\n kasan_set_track+0x25/0x30\n kasan_save_free_info+0x2b/0x50\n __kasan_slab_free+0x10a/0x180\n __kmem_cache_free+0x14d/0x2e0\n device_release+0x5d/0xf0\n kobject_put+0xdf/0x270\n hci_disconn_complete_evt+0x274/0x3a0 [bluetooth]\n hci_event_packet+0x579/0x7e0 [bluetooth]\n hci_rx_work+0x287/0xaa0 [bluetooth]\n process_one_work+0x526/0x9d0\n worker_thread+0x92/0x630\n kthread+0x196/0x1e0\n ret_from_fork+0x2c/0x50\n==================================================================",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel Bluetooth: Denial of Service due to use-after-free in connection handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-53762"
},
{
"category": "external",
"summary": "RHBZ#2419838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-53762",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53762"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-53762",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53762"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025120845-CVE-2023-53762-01bc@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025120845-CVE-2023-53762-01bc@gregkh/T"
}
],
"release_date": "2025-12-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T14:18:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3358"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Linux kernel Bluetooth: Denial of Service due to use-after-free in connection handling"
},
{
"cve": "CVE-2023-53821",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2420329"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_vti: fix slab-use-after-free in decode_session6\n\nWhen ipv6_vti device is set to the qdisc of the sfb type, the cb field\nof the sent skb may be modified during enqueuing. Then,\nslab-use-after-free may occur when ipv6_vti device sends IPv6 packets.\n\nThe stack information is as follows:\nBUG: KASAN: slab-use-after-free in decode_session6+0x103f/0x1890\nRead of size 1 at addr ffff88802e08edc2 by task swapper/0/0\nCPU: 0 PID: 0 Comm: swapper/0 Not tainted 6.4.0-next-20230707-00001-g84e2cad7f979 #410\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33 04/01/2014\nCall Trace:\n\u003cIRQ\u003e\ndump_stack_lvl+0xd9/0x150\nprint_address_description.constprop.0+0x2c/0x3c0\nkasan_report+0x11d/0x130\ndecode_session6+0x103f/0x1890\n__xfrm_decode_session+0x54/0xb0\nvti6_tnl_xmit+0x3e6/0x1ee0\ndev_hard_start_xmit+0x187/0x700\nsch_direct_xmit+0x1a3/0xc30\n__qdisc_run+0x510/0x17a0\n__dev_queue_xmit+0x2215/0x3b10\nneigh_connected_output+0x3c2/0x550\nip6_finish_output2+0x55a/0x1550\nip6_finish_output+0x6b9/0x1270\nip6_output+0x1f1/0x540\nndisc_send_skb+0xa63/0x1890\nndisc_send_rs+0x132/0x6f0\naddrconf_rs_timer+0x3f1/0x870\ncall_timer_fn+0x1a0/0x580\nexpire_timers+0x29b/0x4b0\nrun_timer_softirq+0x326/0x910\n__do_softirq+0x1d4/0x905\nirq_exit_rcu+0xb7/0x120\nsysvec_apic_timer_interrupt+0x97/0xc0\n\u003c/IRQ\u003e\nAllocated by task 9176:\nkasan_save_stack+0x22/0x40\nkasan_set_track+0x25/0x30\n__kasan_slab_alloc+0x7f/0x90\nkmem_cache_alloc_node+0x1cd/0x410\nkmalloc_reserve+0x165/0x270\n__alloc_skb+0x129/0x330\nnetlink_sendmsg+0x9b1/0xe30\nsock_sendmsg+0xde/0x190\n____sys_sendmsg+0x739/0x920\n___sys_sendmsg+0x110/0x1b0\n__sys_sendmsg+0xf7/0x1c0\ndo_syscall_64+0x39/0xb0\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nFreed by task 9176:\nkasan_save_stack+0x22/0x40\nkasan_set_track+0x25/0x30\nkasan_save_free_info+0x2b/0x40\n____kasan_slab_free+0x160/0x1c0\nslab_free_freelist_hook+0x11b/0x220\nkmem_cache_free+0xf0/0x490\nskb_free_head+0x17f/0x1b0\nskb_release_data+0x59c/0x850\nconsume_skb+0xd2/0x170\nnetlink_unicast+0x54f/0x7f0\nnetlink_sendmsg+0x926/0xe30\nsock_sendmsg+0xde/0x190\n____sys_sendmsg+0x739/0x920\n___sys_sendmsg+0x110/0x1b0\n__sys_sendmsg+0xf7/0x1c0\ndo_syscall_64+0x39/0xb0\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nThe buggy address belongs to the object at ffff88802e08ed00\nwhich belongs to the cache skbuff_small_head of size 640\nThe buggy address is located 194 bytes inside of\nfreed 640-byte region [ffff88802e08ed00, ffff88802e08ef80)\n\nAs commit f855691975bb (\"xfrm6: Fix the nexthdr offset in\n_decode_session6.\") showed, xfrm_decode_session was originally intended\nonly for the receive path. IP6CB(skb)-\u003enhoff is not set during\ntransmission. Therefore, set the cb field in the skb to 0 before\nsending packets.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: ip6_vti: fix slab-use-after-free in decode_session6",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a use-after-free vulnerability in IPv6 VTI tunnel handling that can be triggered when specific qdisc configurations are used. The vulnerability requires local access and specific network configuration involving VTI tunnels with SFB qdisc.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-53821"
},
{
"category": "external",
"summary": "RHBZ#2420329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420329"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-53821",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-53821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53821"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025120950-CVE-2023-53821-9542@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025120950-CVE-2023-53821-9542@gregkh/T"
}
],
"release_date": "2025-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T14:18:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3358"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: ip6_vti: fix slab-use-after-free in decode_session6"
},
{
"cve": "CVE-2025-37861",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-05-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365256"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue\n\nWhen the task management thread processes reply queues while the reset\nthread resets them, the task management thread accesses an invalid queue ID\n(0xFFFF), set by the reset thread, which points to unallocated memory,\ncausing a crash.\n\nAdd flag \u0027io_admin_reset_sync\u0027 to synchronize access between the reset,\nI/O, and admin threads. Before a reset, the reset handler sets this flag to\nblock I/O and admin processing threads. If any thread bypasses the initial\ncheck, the reset thread waits up to 10 seconds for processing to finish. If\nthe wait exceeds 10 seconds, the controller is marked as unrecoverable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-37861"
},
{
"category": "external",
"summary": "RHBZ#2365256",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365256"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-37861",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37861"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-37861",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37861"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025050922-CVE-2025-37861-ab7f@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025050922-CVE-2025-37861-ab7f@gregkh/T"
}
],
"release_date": "2025-05-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T14:18:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3358"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue"
},
{
"cve": "CVE-2025-37882",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2025-05-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2365250"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Fix isochronous Ring Underrun/Overrun event handling\n\nThe TRB pointer of these events points at enqueue at the time of error\noccurrence on xHCI 1.1+ HCs or it\u0027s NULL on older ones. By the time we\nare handling the event, a new TD may be queued at this ring position.\n\nI can trigger this race by rising interrupt moderation to increase IRQ\nhandling delay. Similar delay may occur naturally due to system load.\n\nIf this ever happens after a Missed Service Error, missed TDs will be\nskipped and the new TD processed as if it matched the event. It could\nbe given back prematurely, risking data loss or buffer UAF by the xHC.\n\nDon\u0027t complete TDs on xrun events and don\u0027t warn if queued TDs don\u0027t\nmatch the event\u0027s TRB pointer, which can be NULL or a link/no-op TRB.\nDon\u0027t warn if there are no queued TDs at all.\n\nNow that it\u0027s safe, also handle xrun events if the skip flag is clear.\nThis ensures completion of any TD stuck in \u0027error mid TD\u0027 state right\nbefore the xrun event, which could happen if a driver submits a finite\nnumber of URBs to a buggy HC and then an error occurs on the last TD.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: xHCI driver isochronous event handling race condition leading to data loss or UAF",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-37882"
},
{
"category": "external",
"summary": "RHBZ#2365250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365250"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-37882",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37882"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-37882",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37882"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025050944-CVE-2025-37882-db64@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025050944-CVE-2025-37882-db64@gregkh/T"
}
],
"release_date": "2025-05-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T14:18:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3358"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Linux kernel: xHCI driver isochronous event handling race condition leading to data loss or UAF"
},
{
"cve": "CVE-2025-38415",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2025-07-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2383404"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: check return result of sb_min_blocksize\n\nSyzkaller reports an \"UBSAN: shift-out-of-bounds in squashfs_bio_read\" bug.\n\nSyzkaller forks multiple processes which after mounting the Squashfs\nfilesystem, issues an ioctl(\"/dev/loop0\", LOOP_SET_BLOCK_SIZE, 0x8000). \nNow if this ioctl occurs at the same time another process is in the\nprocess of mounting a Squashfs filesystem on /dev/loop0, the failure\noccurs. When this happens the following code in squashfs_fill_super()\nfails.\n\n----\nmsblk-\u003edevblksize = sb_min_blocksize(sb, SQUASHFS_DEVBLK_SIZE);\nmsblk-\u003edevblksize_log2 = ffz(~msblk-\u003edevblksize);\n----\n\nsb_min_blocksize() returns 0, which means msblk-\u003edevblksize is set to 0.\n\nAs a result, ffz(~msblk-\u003edevblksize) returns 64, and msblk-\u003edevblksize_log2\nis set to 64.\n\nThis subsequently causes the\n\nUBSAN: shift-out-of-bounds in fs/squashfs/block.c:195:36\nshift exponent 64 is too large for 64-bit type \u0027u64\u0027 (aka\n\u0027unsigned long long\u0027)\n\nThis commit adds a check for a 0 return by sb_min_blocksize().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38415"
},
{
"category": "external",
"summary": "RHBZ#2383404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383404"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38415"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025072513-CVE-2025-38415-c634@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025072513-CVE-2025-38415-c634@gregkh/T"
}
],
"release_date": "2025-07-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T14:18:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3358"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation"
},
{
"cve": "CVE-2025-39760",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2394601"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: core: config: Prevent OOB read in SS endpoint companion parsing\n\nusb_parse_ss_endpoint_companion() checks descriptor type before length,\nenabling a potentially odd read outside of the buffer size.\n\nFix this up by checking the size first before looking at any of the\nfields in the descriptor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-39760"
},
{
"category": "external",
"summary": "RHBZ#2394601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394601"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-39760",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39760"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-39760",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39760"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091145-CVE-2025-39760-2d5f@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091145-CVE-2025-39760-2d5f@gregkh/T"
}
],
"release_date": "2025-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T14:18:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3358"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing"
},
{
"cve": "CVE-2025-39933",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-10-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2401432"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: let recv_done verify data_offset, data_length and remaining_data_length\n\nThis is inspired by the related server fixes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "SMB Direct client failed to validate data_offset, data_length, and remaining_data_length in SMBD \u201cdata transfer\u201d messages. A malicious server can craft values that cause out-of-bounds access in the kernel receive path, leading to memory corruption and potential code execution.\nA malicious SMB Direct server can trigger a kernel crash on a connected and authenticated Linux client by sending malformed data transfer packets over an active RDMA session.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-39933"
},
{
"category": "external",
"summary": "RHBZ#2401432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-39933",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-39933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39933"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025100417-CVE-2025-39933-e224@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025100417-CVE-2025-39933-e224@gregkh/T"
}
],
"release_date": "2025-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T14:18:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3358"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length"
},
{
"cve": "CVE-2025-40269",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2025-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419919"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix potential overflow of PCM transfer buffer\n\nThe PCM stream data in USB-audio driver is transferred over USB URB\npacket buffers, and each packet size is determined dynamically. The\npacket sizes are limited by some factors such as wMaxPacketSize USB\ndescriptor. OTOH, in the current code, the actually used packet sizes\nare determined only by the rate and the PPS, which may be bigger than\nthe size limit above. This results in a buffer overflow, as reported\nby syzbot.\n\nBasically when the limit is smaller than the calculated packet size,\nit implies that something is wrong, most likely a weird USB\ndescriptor. So the best option would be just to return an error at\nthe parameter setup time before doing any further operations.\n\nThis patch introduces such a sanity check, and returns -EINVAL when\nthe packet size is greater than maxpacksize. The comparison with\nep-\u003epacksize[1] alone should suffice since it\u0027s always equal or\ngreater than ep-\u003epacksize[0].",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel ALSA USB audio driver: Buffer overflow leading to information disclosure and denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40269"
},
{
"category": "external",
"summary": "RHBZ#2419919",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419919"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40269"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40269",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40269"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025120716-CVE-2025-40269-9769@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025120716-CVE-2025-40269-9769@gregkh/T"
}
],
"release_date": "2025-12-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T14:18:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3358"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent the `snd_usb_audio` kernel module from loading if USB audio functionality is not required. Create a file `/etc/modprobe.d/disable-snd-usb-audio.conf` with the following content:\n`install snd_usb_audio /bin/true`\nAfter creating the file, a system reboot is required for the changes to take effect. This action will disable all USB audio device functionality.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Linux kernel ALSA USB audio driver: Buffer overflow leading to information disclosure and denial of service"
},
{
"cve": "CVE-2025-40271",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419837"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc: fix uaf in proc_readdir_de()\n\nPde is erased from subdir rbtree through rb_erase(), but not set the node\nto EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE()\nset the erased node to EMPTY, then pde_subdir_next() will return NULL to\navoid uaf access.\n\nWe found an uaf issue while using stress-ng testing, need to run testcase\ngetdent and tun in the same time. The steps of the issue is as follows:\n\n1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current\n pde is tun3;\n\n2) in the [time windows] unregister netdevice tun3 and tun2, and erase\n them from rbtree. erase tun3 first, and then erase tun2. the\n pde(tun2) will be released to slab;\n\n3) continue to getdent process, then pde_subdir_next() will return\n pde(tun2) which is released, it will case uaf access.\n\nCPU 0 | CPU 1\n-------------------------------------------------------------------------\ntraverse dir /proc/pid/net/dev_snmp6/ | unregister_netdevice(tun-\u003edev) //tun3 tun2\nsys_getdents64() |\n iterate_dir() |\n proc_readdir() |\n proc_readdir_de() | snmp6_unregister_dev()\n pde_get(de); | proc_remove()\n read_unlock(\u0026proc_subdir_lock); | remove_proc_subtree()\n | write_lock(\u0026proc_subdir_lock);\n [time window] | rb_erase(\u0026root-\u003esubdir_node, \u0026parent-\u003esubdir);\n | write_unlock(\u0026proc_subdir_lock);\n read_lock(\u0026proc_subdir_lock); |\n next = pde_subdir_next(de); |\n pde_put(de); |\n de = next; //UAF |\n\nrbtree of dev_snmp6\n |\n pde(tun3)\n / \\\n NULL pde(tun2)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability is a race condition in /proc directory enumeration, where a proc_dir_entry can be freed after rb_erase() but still referenced because the rbtree node is not cleared. A local unprivileged attacker can trigger a use-after-free by running getdents() (that calls proc_readdir_de()) in parallel with rapid creation and removal of network-related proc entries (e.g., tun devices). In practice this leads to a kernel NULL-pointer dereference or slab-UAF crash. Reliable exploitation beyond denial-of-service is unlikely due to the narrow timing window, but theoretically possible.\nThe bug could be triggered by the local attacker with the ability to create and remove network devices (e.g. CAP_NET_ADMIN).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40271"
},
{
"category": "external",
"summary": "RHBZ#2419837",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419837"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40271",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40271"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40271",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40271"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025120716-CVE-2025-40271-7612@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025120716-CVE-2025-40271-7612@gregkh/T"
}
],
"release_date": "2025-12-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T14:18:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3358"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service."
},
{
"cve": "CVE-2025-68349",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2025-12-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2424880"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid\n\nFixes a crash when layout is null during this call stack:\n\nwrite_inode\n -\u003e nfs4_write_inode\n -\u003e pnfs_layoutcommit_inode\n\npnfs_set_layoutcommit relies on the lseg refcount to keep the layout\naround. Need to clear NFS_INO_LAYOUTCOMMIT otherwise we might attempt\nto reference a null layout.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug is caused by a stale state flag (NFS_INO_LAYOUTCOMMIT) remaining set after the pNFS layout has been invalidated, leading to a NULL pointer dereference during layout commit handling. The issue results in a kernel crash when specific NFS writeback paths are executed. As it involves no memory corruption or attacker-controlled data, it represents a denial-of-service condition only.\nThe issue is triggered by a connected NFS client through normal pNFS writeback flows and affects the NFS server kernel, requiring an established NFSv4 session rather than unauthenticated network access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68349"
},
{
"category": "external",
"summary": "RHBZ#2424880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68349",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68349"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68349",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68349"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025122453-CVE-2025-68349-12d5@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025122453-CVE-2025-68349-12d5@gregkh/T"
}
],
"release_date": "2025-12-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-25T14:18:41+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3358"
},
{
"category": "workaround",
"details": "If NFS service not being used, then disable it to prevent possibility of triggering this bug (and usually it is disabled by default):\nsudo systemctl stop nfs-server\nsudo systemctl disable nfs-server",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.158.1.rt14.443.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…