RHSA-2025:15837
Vulnerability from csaf_redhat - Published: 2025-09-15 16:11 - Updated: 2025-12-18 23:32Summary
Red Hat Security Advisory: Red Hat Enterprise Linux AI 1.5 (NVIDIA)
Notes
Topic
Red Hat Enterprise Linux AI 1.5 (NVIDIA) is now available.
Details
Red Hat® Enterprise Linux® AI is a foundation model platform to seamlessly develop, test, and run Granite family large language models (LLMs) for enterprise applications.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Enterprise Linux AI 1.5 (NVIDIA) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae Enterprise Linux\u00ae AI is a foundation model platform to seamlessly develop, test, and run Granite family large language models (LLMs) for enterprise applications.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15837",
"url": "https://access.redhat.com/errata/RHSA-2025:15837"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-48379",
"url": "https://access.redhat.com/security/cve/CVE-2025-48379"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-47277",
"url": "https://access.redhat.com/security/cve/cve-2025-47277"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai",
"url": "https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux/ai"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15837.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Enterprise Linux AI 1.5 (NVIDIA)",
"tracking": {
"current_release_date": "2025-12-18T23:32:22+00:00",
"generator": {
"date": "2025-12-18T23:32:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2025:15837",
"initial_release_date": "2025-09-15T16:11:05+00:00",
"revision_history": [
{
"date": "2025-09-15T16:11:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-11-17T22:18:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-18T23:32:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AI 1.5",
"product": {
"name": "Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux_ai:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:e0f422a906d386596295e99b64c6158ae44b6b8a12be30868865e76742fccb17_amd64",
"product": {
"name": "registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:e0f422a906d386596295e99b64c6158ae44b6b8a12be30868865e76742fccb17_amd64",
"product_id": "registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:e0f422a906d386596295e99b64c6158ae44b6b8a12be30868865e76742fccb17_amd64",
"product_identification_helper": {
"purl": "pkg:oci/bootc-gcp-nvidia-rhel9@sha256%3Ae0f422a906d386596295e99b64c6158ae44b6b8a12be30868865e76742fccb17?arch=amd64\u0026repository_url=registry.redhat.io/rhelai1\u0026tag=1.5.3-1756815294"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:e0f422a906d386596295e99b64c6158ae44b6b8a12be30868865e76742fccb17_amd64 as a component of Red Hat Enterprise Linux AI 1.5",
"product_id": "Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:e0f422a906d386596295e99b64c6158ae44b6b8a12be30868865e76742fccb17_amd64"
},
"product_reference": "registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:e0f422a906d386596295e99b64c6158ae44b6b8a12be30868865e76742fccb17_amd64",
"relates_to_product_reference": "Red Hat Enterprise Linux AI 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47277",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2025-05-20T18:00:58.703636+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2367605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM. This vulnerability allows unauthorized access to key-value caches via network exposure of the `TCPStore` interface when using the `PyNcclPipe` KV cache transfer integration with the V0 engine.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM Allows Remote Code Execution via PyNcclPipe Communication Service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "By default, Red Hat products are configured to restrict vLLM nodes to an isolated network. However, this vulnerability could become relevant if customers change the specific configurations, and therefore, Red Hat products are affected.\n\nThis vulnerability is classified as Moderate rather than Critical because its exploitability and impact are constrained by specific deployment contexts and assumptions about network trust boundaries. While the use of pickle.loads on untrusted input typically leads to remote code execution (RCE), the vulnerable PyNcclPipe interface is not intended to be exposed to the internet or untrusted networks, it is designed for use within a secured, internal cluster environment as explicitly documented by vLLM. Successful exploitation requires an attacker to have direct network access to a misconfigured or poorly segmented system where the KV cache transfer service is bound to a public interface. Additionally, the vulnerable code path exists only in a niche configuration (V0 engine with PyNcclPipe), further reducing its exposure. Therefore, while the flaw does introduce RCE risk in misconfigured setups, the combination of non-default exposure, clear documentation, and limited applicability justifies a reduced impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:e0f422a906d386596295e99b64c6158ae44b6b8a12be30868865e76742fccb17_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47277"
},
{
"category": "external",
"summary": "RHBZ#2367605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2367605"
},
{
"category": "external",
"summary": "RHSB-2025-001",
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2025-001"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47277"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47277"
},
{
"category": "external",
"summary": "https://docs.vllm.ai/en/latest/deployment/security.html",
"url": "https://docs.vllm.ai/en/latest/deployment/security.html"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7",
"url": "https://github.com/vllm-project/vllm/commit/0d6e187e88874c39cda7409cf673f9e6546893e7"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/15988",
"url": "https://github.com/vllm-project/vllm/pull/15988"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv"
}
],
"release_date": "2025-05-20T17:32:27.034000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:11:05+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:15837",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:e0f422a906d386596295e99b64c6158ae44b6b8a12be30868865e76742fccb17_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15837"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:e0f422a906d386596295e99b64c6158ae44b6b8a12be30868865e76742fccb17_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:e0f422a906d386596295e99b64c6158ae44b6b8a12be30868865e76742fccb17_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM Allows Remote Code Execution via PyNcclPipe Communication Service"
},
{
"cve": "CVE-2025-48379",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2025-07-01T19:00:57.380377+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2375795"
}
],
"notes": [
{
"category": "description",
"text": "A critical vulnerability was identified in the Pillow image processing library. This flaw could allow a local attacker to execute arbitrary code or cause the application to crash, resulting in a denial of service. An attacker can exploit this vulnerability by tricking an application into processing a specially crafted image file. The issue occurs because the library writes more data than an allocated memory buffer can hold, leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pillow: pillow: Pillow DDS Heap Buffer Overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was rated as Important by the Red Hat Product Security Engineer. An attacker may leverage that by crafting a malicious DDS image bigger than 64k (when encoded). This happens because of the lack of size checking when writing the image data into an internal buffer. When successfully exploited, this vulnerability may lead to a local arbitrary code execution within the user privileges similar to the ones for the user running the application or a denial of service for the application consuming the Pillow library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:e0f422a906d386596295e99b64c6158ae44b6b8a12be30868865e76742fccb17_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48379"
},
{
"category": "external",
"summary": "RHBZ#2375795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2375795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48379",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48379"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48379",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48379"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4",
"url": "https://github.com/python-pillow/Pillow/commit/ef98b3510e3e4f14b547762764813d7e5ca3c5a4"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/pull/9041",
"url": "https://github.com/python-pillow/Pillow/pull/9041"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/releases/tag/11.3.0",
"url": "https://github.com/python-pillow/Pillow/releases/tag/11.3.0"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-xg8h-j46f-w952"
}
],
"release_date": "2025-07-01T18:33:30.687000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-15T16:11:05+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2025:15837",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:e0f422a906d386596295e99b64c6158ae44b6b8a12be30868865e76742fccb17_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15837"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:e0f422a906d386596295e99b64c6158ae44b6b8a12be30868865e76742fccb17_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Enterprise Linux AI 1.5:registry.redhat.io/rhelai1/bootc-gcp-nvidia-rhel9@sha256:e0f422a906d386596295e99b64c6158ae44b6b8a12be30868865e76742fccb17_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pillow: pillow: Pillow DDS Heap Buffer Overflow"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…