RHSA-2025:23445
Vulnerability from csaf_redhat - Published: 2025-12-17 07:48 - Updated: 2025-12-23 00:02Summary
Red Hat Security Advisory: kernel security update
Notes
Topic
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: ALSA: usb-audio: ALSA USB Audio Out-of-Bounds Bug (CVE-2022-48701)
* kernel: ethtool: check device is present when getting link settings (CVE-2024-46679)
* kernel: ALSA: usb-audio: Validate UAC3 power domain descriptors, too (CVE-2025-38729)
* kernel: sctp: linearize cloned gso packets in sctp_rcv (CVE-2025-38718)
* kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CVE-2025-38724)
* kernel: NFS: Fix a race when updating an existing write (CVE-2025-39697)
* kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors (CVE-2025-39757)
* kernel: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (CVE-2023-53213)
* kernel: mm: fix zswap writeback race condition (CVE-2023-53178)
* kernel: wifi: mwifiex: Fix OOB and integer underflow when rx packets (CVE-2023-53226)
* kernel: Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp (CVE-2023-53297)
* kernel: smb: client: fix race with concurrent opens in rename(2) (CVE-2025-39825)
* kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (CVE-2025-39817)
* kernel: Bluetooth: L2CAP: Fix use-after-free (CVE-2023-53305)
* kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-50367)
* kernel: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (CVE-2023-53365)
* kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails (CVE-2022-50356)
* kernel: skbuff: skb_segment, Call zero copy functions before using skbuff frags (CVE-2023-53354)
* kernel: RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (CVE-2023-53393)
* kernel: crypto: seqiv - Handle EBUSY correctly (CVE-2023-53373)
* kernel: Bluetooth: L2CAP: Fix user-after-free (CVE-2022-50386)
* kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values (CVE-2022-50403)
* kernel: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (CVE-2022-50408)
* kernel: NFSD: Protect against send buffer overflow in NFSv2 READ (CVE-2022-50410)
* kernel: iomap: iomap: fix memory corruption when recording errors during writeback (CVE-2022-50406)
* kernel: wifi: cfg80211: fix use-after-free in cmp_bss() (CVE-2025-39864)
* kernel: scsi: lpfc: Fix buffer free/clear order in deferred receive path (CVE-2025-39841)
* kernel: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (CVE-2025-39883)
* kernel: NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (CVE-2023-53680)
* kernel: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (CVE-2025-39955)
* kernel: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request() (CVE-2025-40186)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: ALSA: usb-audio: ALSA USB Audio Out-of-Bounds Bug (CVE-2022-48701)\n\n* kernel: ethtool: check device is present when getting link settings (CVE-2024-46679)\n\n* kernel: ALSA: usb-audio: Validate UAC3 power domain descriptors, too (CVE-2025-38729)\n\n* kernel: sctp: linearize cloned gso packets in sctp_rcv (CVE-2025-38718)\n\n* kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CVE-2025-38724)\n\n* kernel: NFS: Fix a race when updating an existing write (CVE-2025-39697)\n\n* kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors (CVE-2025-39757)\n\n* kernel: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (CVE-2023-53213)\n\n* kernel: mm: fix zswap writeback race condition (CVE-2023-53178)\n\n* kernel: wifi: mwifiex: Fix OOB and integer underflow when rx packets (CVE-2023-53226)\n\n* kernel: Bluetooth: L2CAP: fix \"bad unlock balance\" in l2cap_disconnect_rsp (CVE-2023-53297)\n\n* kernel: smb: client: fix race with concurrent opens in rename(2) (CVE-2025-39825)\n\n* kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (CVE-2025-39817)\n\n* kernel: Bluetooth: L2CAP: Fix use-after-free (CVE-2023-53305)\n\n* kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-50367)\n\n* kernel: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (CVE-2023-53365)\n\n* kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails (CVE-2022-50356)\n\n* kernel: skbuff: skb_segment, Call zero copy functions before using skbuff frags (CVE-2023-53354)\n\n* kernel: RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (CVE-2023-53393)\n\n* kernel: crypto: seqiv - Handle EBUSY correctly (CVE-2023-53373)\n\n* kernel: Bluetooth: L2CAP: Fix user-after-free (CVE-2022-50386)\n\n* kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values (CVE-2022-50403)\n\n* kernel: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (CVE-2022-50408)\n\n* kernel: NFSD: Protect against send buffer overflow in NFSv2 READ (CVE-2022-50410)\n\n* kernel: iomap: iomap: fix memory corruption when recording errors during writeback (CVE-2022-50406)\n\n* kernel: wifi: cfg80211: fix use-after-free in cmp_bss() (CVE-2025-39864)\n\n* kernel: scsi: lpfc: Fix buffer free/clear order in deferred receive path (CVE-2025-39841)\n\n* kernel: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (CVE-2025-39883)\n\n* kernel: NFSD: Avoid calling OPDESC() with ops-\u003eopnum == OP_ILLEGAL (CVE-2023-53680)\n\n* kernel: tcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect() (CVE-2025-39955)\n\n* kernel: tcp: Don\u0027t call reqsk_fastopen_remove() in tcp_conn_request() (CVE-2025-40186)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23445",
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2278950",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278950"
},
{
"category": "external",
"summary": "2312067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312067"
},
{
"category": "external",
"summary": "2393164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393164"
},
{
"category": "external",
"summary": "2393166",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393166"
},
{
"category": "external",
"summary": "2393172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393172"
},
{
"category": "external",
"summary": "2393481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393481"
},
{
"category": "external",
"summary": "2394615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394615"
},
{
"category": "external",
"summary": "2395267",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395267"
},
{
"category": "external",
"summary": "2395358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395358"
},
{
"category": "external",
"summary": "2395420",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395420"
},
{
"category": "external",
"summary": "2395681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395681"
},
{
"category": "external",
"summary": "2395792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395792"
},
{
"category": "external",
"summary": "2395805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395805"
},
{
"category": "external",
"summary": "2395858",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395858"
},
{
"category": "external",
"summary": "2396114",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396114"
},
{
"category": "external",
"summary": "2396130",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396130"
},
{
"category": "external",
"summary": "2396152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396152"
},
{
"category": "external",
"summary": "2396158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396158"
},
{
"category": "external",
"summary": "2396376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396376"
},
{
"category": "external",
"summary": "2396379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396379"
},
{
"category": "external",
"summary": "2396431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396431"
},
{
"category": "external",
"summary": "2396494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396494"
},
{
"category": "external",
"summary": "2396506",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396506"
},
{
"category": "external",
"summary": "2396536",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396536"
},
{
"category": "external",
"summary": "2396538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396538"
},
{
"category": "external",
"summary": "2396934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396934"
},
{
"category": "external",
"summary": "2396944",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396944"
},
{
"category": "external",
"summary": "2397553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397553"
},
{
"category": "external",
"summary": "2402213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402213"
},
{
"category": "external",
"summary": "2402699",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402699"
},
{
"category": "external",
"summary": "2414724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414724"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23445.json"
}
],
"title": "Red Hat Security Advisory: kernel security update",
"tracking": {
"current_release_date": "2025-12-23T00:02:27+00:00",
"generator": {
"date": "2025-12-23T00:02:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2025:23445",
"initial_release_date": "2025-12-17T07:48:31+00:00",
"revision_history": [
{
"date": "2025-12-17T07:48:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-17T07:48:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-23T00:02:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bpftool@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-core@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-core@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-devel@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-modules@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-modules-extra@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-devel@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-modules@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-modules-extra@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools-libs@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "perf-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "perf-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "perf-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perf@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-perf@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/bpftool-debuginfo@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-debuginfo@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debuginfo@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debuginfo-common-x86_64@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools-debuginfo@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perf-debuginfo@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"product": {
"name": "python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"product_id": "python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-perf-debuginfo@4.18.0-193.178.1.el8_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-0:4.18.0-193.178.1.el8_2.src",
"product": {
"name": "kernel-0:4.18.0-193.178.1.el8_2.src",
"product_id": "kernel-0:4.18.0-193.178.1.el8_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel@4.18.0-193.178.1.el8_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"product": {
"name": "kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"product_id": "kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-abi-whitelists@4.18.0-193.178.1.el8_2?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"product": {
"name": "kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"product_id": "kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-doc@4.18.0-193.178.1.el8_2?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bpftool-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-0:4.18.0-193.178.1.el8_2.src as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src"
},
"product_reference": "kernel-0:4.18.0-193.178.1.el8_2.src",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch"
},
"product_reference": "kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-core-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-doc-0:4.18.0-193.178.1.el8_2.noarch as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch"
},
"product_reference": "kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perf-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "perf-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-perf-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
},
"product_reference": "python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-48701",
"discovery_date": "2024-05-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2278950"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel ALSA USB audio driver. This vulnerability allows a denial of service via a crafted USB audio device.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: ALSA: usb-audio: ALSA USB Audio Out-of-Bounds Bug",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-48701"
},
{
"category": "external",
"summary": "RHBZ#2278950",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278950"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-48701",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48701"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-48701",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48701"
}
],
"release_date": "2024-05-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: ALSA: usb-audio: ALSA USB Audio Out-of-Bounds Bug"
},
{
"cve": "CVE-2022-50356",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2025-09-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396152"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: sfb: fix null pointer access issue when sfb_init() fails\n\nWhen the default qdisc is sfb, if the qdisc of dev_queue fails to be\ninited during mqprio_init(), sfb_reset() is invoked to clear resources.\nIn this case, the q-\u003eqdisc is NULL, and it will cause gpf issue.\n\nThe process is as follows:\nqdisc_create_dflt()\n\tsfb_init()\n\t\ttcf_block_get() ---\u003efailed, q-\u003eqdisc is NULL\n\t...\n\tqdisc_put()\n\t\t...\n\t\tsfb_reset()\n\t\t\tqdisc_reset(q-\u003eqdisc) ---\u003eq-\u003eqdisc is NULL\n\t\t\t\tops = qdisc-\u003eops\n\nThe following is the Call Trace information:\ngeneral protection fault, probably for non-canonical address\n0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\nRIP: 0010:qdisc_reset+0x2b/0x6f0\nCall Trace:\n\u003cTASK\u003e\nsfb_reset+0x37/0xd0\nqdisc_reset+0xed/0x6f0\nqdisc_destroy+0x82/0x4c0\nqdisc_put+0x9e/0xb0\nqdisc_create_dflt+0x2c3/0x4a0\nmqprio_init+0xa71/0x1760\nqdisc_create+0x3eb/0x1000\ntc_modify_qdisc+0x408/0x1720\nrtnetlink_rcv_msg+0x38e/0xac0\nnetlink_rcv_skb+0x12d/0x3a0\nnetlink_unicast+0x4a2/0x740\nnetlink_sendmsg+0x826/0xcc0\nsock_sendmsg+0xc5/0x100\n____sys_sendmsg+0x583/0x690\n___sys_sendmsg+0xe8/0x160\n__sys_sendmsg+0xbf/0x160\ndo_syscall_64+0x35/0x80\nentry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7f2164122d04\n\u003c/TASK\u003e",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-50356"
},
{
"category": "external",
"summary": "RHBZ#2396152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-50356",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50356"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-50356",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50356"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091714-CVE-2022-50356-fe76@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091714-CVE-2022-50356-fe76@gregkh/T"
}
],
"release_date": "2025-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails"
},
{
"cve": "CVE-2022-50367",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-09-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396114"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: fix UAF/GPF bug in nilfs_mdt_destroy\n\nIn alloc_inode, inode_init_always() could return -ENOMEM if\nsecurity_inode_alloc() fails, which causes inode-\u003ei_private\nuninitialized. Then nilfs_is_metadata_file_inode() returns\ntrue and nilfs_free_inode() wrongly calls nilfs_mdt_destroy(),\nwhich frees the uninitialized inode-\u003ei_private\nand leads to crashes(e.g., UAF/GPF).\n\nFix this by moving security_inode_alloc just prior to\nthis_cpu_inc(nr_inodes)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This patch fixes a use-after-free/GPF bug in the NILFS2 metadata handling. When security_inode_alloc() failed, an uninitialized inode-\u003ei_private pointer could later be freed by nilfs_mdt_destroy(), leading to memory corruption or crashes.\nYou can reproduce this issue on systems using NILFS, because the crash path involves nilfs_mdt_destroy() freeing inode-\u003ei_private when security_inode_alloc() fails. On other filesystems the same cleanup path does not run, so accidental freeing of that uninitialized field is far less likely.\nConsequently, systems not using NILFS are at much lower risk unless they have other code that similarly frees inode-\u003ei_private.\nFor the all versions of the Red Hat Enterprise Linux the config param CONFIG_NILFS2_FS disabled, so with the known scenario of attack it is not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-50367"
},
{
"category": "external",
"summary": "RHBZ#2396114",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396114"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-50367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50367"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-50367",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50367"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091716-CVE-2022-50367-651c@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091716-CVE-2022-50367-651c@gregkh/T"
}
],
"release_date": "2025-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy"
},
{
"cve": "CVE-2022-50386",
"discovery_date": "2025-09-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396431"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix user-after-free\n\nThis uses l2cap_chan_hold_unless_zero() after calling\n__l2cap_get_chan_blah() to prevent the following trace:\n\nBluetooth: l2cap_core.c:static void l2cap_chan_destroy(struct kref\n*kref)\nBluetooth: chan 0000000023c4974d\nBluetooth: parent 00000000ae861c08\n==================================================================\nBUG: KASAN: use-after-free in __mutex_waiter_is_first\nkernel/locking/mutex.c:191 [inline]\nBUG: KASAN: use-after-free in __mutex_lock_common\nkernel/locking/mutex.c:671 [inline]\nBUG: KASAN: use-after-free in __mutex_lock+0x278/0x400\nkernel/locking/mutex.c:729\nRead of size 8 at addr ffff888006a49b08 by task kworker/u3:2/389",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Bluetooth: L2CAP: Fix user-after-free",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A use-after-free in the Bluetooth L2CAP subsystem could occur when handling channel responses in l2cap_connect_create_rsp(), due to missing reference checks. This condition can be triggered during race conditions between channel creation and teardown, leading to kernel crashes. Exploitation is most practical as a local or adjacent denial of service over Bluetooth.\n\nL2CAP underpins many Bluetooth profiles and services (BLE ATT/GATT, RFCOMM, A2DP/AVRCP, HID, PAN, SDP, OBEX, etc.). Any profile that creates logical L2CAP channels may be involved. Common real-world triggers include BLE GATT interactions, audio profiles, HID devices, and tethering/PAN connections.\n\nAn attacker within radio range can attempt to repeatedly open/close or otherwise race L2CAP channels to increase likelihood of the race (fast connect/disconnect storms or parallel requests).\n\nMost realistic impact is a local/adjacent attacker (in Bluetooth radio range) who can actively interact with the target Bluetooth stack.\n\nThe CIA=HHH for CVSS is a conservative/precautionary assessment. In practical terms, successful privilege escalation or remote compromise is unlikely but theoretically possible: to do so an attacker would need to craft a sequence that causes controlled memory corruption and further exploit kernel memory layout \u2014 substantially harder than causing a crash.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-50386"
},
{
"category": "external",
"summary": "RHBZ#2396431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-50386",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50386"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-50386",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50386"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091852-CVE-2022-50386-07d7@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091852-CVE-2022-50386-07d7@gregkh/T"
}
],
"release_date": "2025-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
},
{
"category": "workaround",
"details": "To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the customer portal at https://access.redhat.com/solutions/2682931.\n\nAlternatively, bluetooth can be disabled within the hardware or at the BIOS level, which will also provide effective mitigation as the kernel will not detect Bluetooth hardware on the system.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Bluetooth: L2CAP: Fix user-after-free"
},
{
"cve": "CVE-2022-50403",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-09-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396494"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was identified in the Linux kernel\u0027s ext4 filesystem implementation due to a flaw in how it processes filesystem metadata. An attacker with local privileges could create a malicious ext4 filesystem image to trigger this issue. When the system attempts to mount this malicious image, the kernel performs an incorrect calculation. This action results in unpredictable system behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-50403"
},
{
"category": "external",
"summary": "RHBZ#2396494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396494"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-50403",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50403"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-50403",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50403"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091852-CVE-2022-50403-0471@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091852-CVE-2022-50403-0471@gregkh/T"
}
],
"release_date": "2025-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values"
},
{
"cve": "CVE-2022-50406",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2025-09-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396538"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: iomap: fix memory corruption when recording errors during writeback\n\nEvery now and then I see this crash on arm64:\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000000f8\nBuffer I/O error on dev dm-0, logical block 8733687, async page read\nMem abort info:\n ESR = 0x0000000096000006\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x06: level 2 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000006\n CM = 0, WnR = 0\nuser pgtable: 64k pages, 42-bit VAs, pgdp=0000000139750000\n[00000000000000f8] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000, pmd=0000000000000000\nInternal error: Oops: 96000006 [#1] PREEMPT SMP\nBuffer I/O error on dev dm-0, logical block 8733688, async page read\nDumping ftrace buffer:\nBuffer I/O error on dev dm-0, logical block 8733689, async page read\n (ftrace buffer empty)\nXFS (dm-0): log I/O error -5\nModules linked in: dm_thin_pool dm_persistent_data\nXFS (dm-0): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x1ec/0x590 [xfs] (fs/xfs/xfs_trans_buf.c:296).\n dm_bio_prison\nXFS (dm-0): Please unmount the filesystem and rectify the problem(s)\nXFS (dm-0): xfs_imap_lookup: xfs_ialloc_read_agi() returned error -5, agno 0\n dm_bufio dm_log_writes xfs nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6t_REJECT\npotentially unexpected fatal signal 6.\n nf_reject_ipv6\npotentially unexpected fatal signal 6.\n ipt_REJECT nf_reject_ipv4\nCPU: 1 PID: 122166 Comm: fsstress Tainted: G W 6.0.0-rc5-djwa #rc5 3004c9f1de887ebae86015f2677638ce51ee7\n rpcsec_gss_krb5 auth_rpcgss xt_tcpudp ip_set_hash_ip ip_set_hash_net xt_set nft_compat ip_set_hash_mac ip_set nf_tables\nHardware name: QEMU KVM Virtual Machine, BIOS 1.5.1 06/16/2021\npstate: 60001000 (nZCv daif -PAN -UAO -TCO -DIT +SSBS BTYPE=--)\n ip_tables\npc : 000003fd6d7df200\n x_tables\nlr : 000003fd6d7df1ec\n overlay nfsv4\nCPU: 0 PID: 54031 Comm: u4:3 Tainted: G W 6.0.0-rc5-djwa #rc5 3004c9f1de887ebae86015f2677638ce51ee7405\nHardware name: QEMU KVM Virtual Machine, BIOS 1.5.1 06/16/2021\nWorkqueue: writeback wb_workfn\nsp : 000003ffd9522fd0\n (flush-253:0)\npstate: 60401005 (nZCv daif +PAN -UAO -TCO -DIT +SSBS BTYPE=--)\npc : errseq_set+0x1c/0x100\nx29: 000003ffd9522fd0 x28: 0000000000000023 x27: 000002acefeb6780\nx26: 0000000000000005 x25: 0000000000000001 x24: 0000000000000000\nx23: 00000000ffffffff x22: 0000000000000005\nlr : __filemap_set_wb_err+0x24/0xe0\n x21: 0000000000000006\nsp : fffffe000f80f760\nx29: fffffe000f80f760 x28: 0000000000000003 x27: fffffe000f80f9f8\nx26: 0000000002523000 x25: 00000000fffffffb x24: fffffe000f80f868\nx23: fffffe000f80fbb0 x22: fffffc0180c26a78 x21: 0000000002530000\nx20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000000\n\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000001 x13: 0000000000470af3 x12: fffffc0058f70000\nx11: 0000000000000040 x10: 0000000000001b20 x9 : fffffe000836b288\nx8 : fffffc00eb9fd480 x7 : 0000000000f83659 x6 : 0000000000000000\nx5 : 0000000000000869 x4 : 0000000000000005 x3 : 00000000000000f8\nx20: 000003fd6d740020 x19: 000000000001dd36 x18: 0000000000000001\nx17: 000003fd6d78704c x16: 0000000000000001 x15: 000002acfac87668\nx2 : 0000000000000ffa x1 : 00000000fffffffb x0 : 00000000000000f8\nCall trace:\n errseq_set+0x1c/0x100\n __filemap_set_wb_err+0x24/0xe0\n iomap_do_writepage+0x5e4/0xd5c\n write_cache_pages+0x208/0x674\n iomap_writepages+0x34/0x60\n xfs_vm_writepages+0x8c/0xcc [xfs 7a861f39c43631f15d3a5884246ba5035d4ca78b]\nx14: 0000000000000000 x13: 2064656e72757465 x12: 0000000000002180\nx11: 000003fd6d8a82d0 x10: 0000000000000000 x9 : 000003fd6d8ae288\nx8 : 0000000000000083 x7 : 00000000ffffffff x6 : 00000000ffffffee\nx5 : 00000000fbad2887 x4 : 000003fd6d9abb58 x3 : 000003fd6d740020\nx2 : 0000000000000006 x1 : 000000000001dd36 x0 : 0000000000000000\nCPU: \n---truncated---",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: iomap: iomap: fix memory corruption when recording errors during writeback",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-50406"
},
{
"category": "external",
"summary": "RHBZ#2396538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-50406",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-50406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50406"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/3d5f3ba1ac28059bdf7000cae2403e4e984308d2",
"url": "https://git.kernel.org/stable/c/3d5f3ba1ac28059bdf7000cae2403e4e984308d2"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/7308591d9c7787aec58f6a01a7823f14e90db7a2",
"url": "https://git.kernel.org/stable/c/7308591d9c7787aec58f6a01a7823f14e90db7a2"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/82c66c46f73b88be74c869e2cbfef45281adf3c6",
"url": "https://git.kernel.org/stable/c/82c66c46f73b88be74c869e2cbfef45281adf3c6"
}
],
"release_date": "2025-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: iomap: iomap: fix memory corruption when recording errors during writeback"
},
{
"cve": "CVE-2022-50408",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-09-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396506"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()\n\n\u003e ret = brcmf_proto_tx_queue_data(drvr, ifp-\u003eifidx, skb);\n\nmay be schedule, and then complete before the line\n\n\u003e ndev-\u003estats.tx_bytes += skb-\u003elen;\n\n[ 46.912801] ==================================================================\n[ 46.920552] BUG: KASAN: use-after-free in brcmf_netdev_start_xmit+0x718/0x8c8 [brcmfmac]\n[ 46.928673] Read of size 4 at addr ffffff803f5882e8 by task systemd-resolve/328\n[ 46.935991]\n[ 46.937514] CPU: 1 PID: 328 Comm: systemd-resolve Tainted: G O 5.4.199-[REDACTED] #1\n[ 46.947255] Hardware name: [REDACTED]\n[ 46.954568] Call trace:\n[ 46.957037] dump_backtrace+0x0/0x2b8\n[ 46.960719] show_stack+0x24/0x30\n[ 46.964052] dump_stack+0x128/0x194\n[ 46.967557] print_address_description.isra.0+0x64/0x380\n[ 46.972877] __kasan_report+0x1d4/0x240\n[ 46.976723] kasan_report+0xc/0x18\n[ 46.980138] __asan_report_load4_noabort+0x18/0x20\n[ 46.985027] brcmf_netdev_start_xmit+0x718/0x8c8 [brcmfmac]\n[ 46.990613] dev_hard_start_xmit+0x1bc/0xda0\n[ 46.994894] sch_direct_xmit+0x198/0xd08\n[ 46.998827] __qdisc_run+0x37c/0x1dc0\n[ 47.002500] __dev_queue_xmit+0x1528/0x21f8\n[ 47.006692] dev_queue_xmit+0x24/0x30\n[ 47.010366] neigh_resolve_output+0x37c/0x678\n[ 47.014734] ip_finish_output2+0x598/0x2458\n[ 47.018927] __ip_finish_output+0x300/0x730\n[ 47.023118] ip_output+0x2e0/0x430\n[ 47.026530] ip_local_out+0x90/0x140\n[ 47.030117] igmpv3_sendpack+0x14c/0x228\n[ 47.034049] igmpv3_send_cr+0x384/0x6b8\n[ 47.037895] igmp_ifc_timer_expire+0x4c/0x118\n[ 47.042262] call_timer_fn+0x1cc/0xbe8\n[ 47.046021] __run_timers+0x4d8/0xb28\n[ 47.049693] run_timer_softirq+0x24/0x40\n[ 47.053626] __do_softirq+0x2c0/0x117c\n[ 47.057387] irq_exit+0x2dc/0x388\n[ 47.060715] __handle_domain_irq+0xb4/0x158\n[ 47.064908] gic_handle_irq+0x58/0xb0\n[ 47.068581] el0_irq_naked+0x50/0x5c\n[ 47.072162]\n[ 47.073665] Allocated by task 328:\n[ 47.077083] save_stack+0x24/0xb0\n[ 47.080410] __kasan_kmalloc.isra.0+0xc0/0xe0\n[ 47.084776] kasan_slab_alloc+0x14/0x20\n[ 47.088622] kmem_cache_alloc+0x15c/0x468\n[ 47.092643] __alloc_skb+0xa4/0x498\n[ 47.096142] igmpv3_newpack+0x158/0xd78\n[ 47.099987] add_grhead+0x210/0x288\n[ 47.103485] add_grec+0x6b0/0xb70\n[ 47.106811] igmpv3_send_cr+0x2e0/0x6b8\n[ 47.110657] igmp_ifc_timer_expire+0x4c/0x118\n[ 47.115027] call_timer_fn+0x1cc/0xbe8\n[ 47.118785] __run_timers+0x4d8/0xb28\n[ 47.122457] run_timer_softirq+0x24/0x40\n[ 47.126389] __do_softirq+0x2c0/0x117c\n[ 47.130142]\n[ 47.131643] Freed by task 180:\n[ 47.134712] save_stack+0x24/0xb0\n[ 47.138041] __kasan_slab_free+0x108/0x180\n[ 47.142146] kasan_slab_free+0x10/0x18\n[ 47.145904] slab_free_freelist_hook+0xa4/0x1b0\n[ 47.150444] kmem_cache_free+0x8c/0x528\n[ 47.154292] kfree_skbmem+0x94/0x108\n[ 47.157880] consume_skb+0x10c/0x5a8\n[ 47.161466] __dev_kfree_skb_any+0x88/0xa0\n[ 47.165598] brcmu_pkt_buf_free_skb+0x44/0x68 [brcmutil]\n[ 47.171023] brcmf_txfinalize+0xec/0x190 [brcmfmac]\n[ 47.176016] brcmf_proto_bcdc_txcomplete+0x1c0/0x210 [brcmfmac]\n[ 47.182056] brcmf_sdio_sendfromq+0x8dc/0x1e80 [brcmfmac]\n[ 47.187568] brcmf_sdio_dpc+0xb48/0x2108 [brcmfmac]\n[ 47.192529] brcmf_sdio_dataworker+0xc8/0x238 [brcmfmac]\n[ 47.197859] process_one_work+0x7fc/0x1a80\n[ 47.201965] worker_thread+0x31c/0xc40\n[ 47.205726] kthread+0x2d8/0x370\n[ 47.208967] ret_from_fork+0x10/0x18\n[ 47.212546]\n[ 47.214051] The buggy address belongs to the object at ffffff803f588280\n[ 47.214051] which belongs to the cache skbuff_head_cache of size 208\n[ 47.227086] The buggy address is located 104 bytes inside of\n[ 47.227086] 208-byte region [ffffff803f588280, ffffff803f588350)\n[ 47.238814] The buggy address belongs to the page:\n[ 47.243618] page:ffffffff00dd6200 refcount:1 mapcou\n---truncated---",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A Use-After-Free vulnerability was found in brcmf_netdev_start_xmit() in the Broadcom brcmfmac driver.\nThe function updated ndev-\u003estats.tx_bytes after calling brcmf_proto_tx_queue_data(), which may complete asynchronously and free the skb object before accessing it.\nThe patch stores skb-\u003elen in a local variable before the transmission call to prevent dereferencing freed memory.\nPrivilege required is low (PR:L) since the issue is triggered during normal packet transmission from a network interface, accessible to local processes using networking APIs.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-50408"
},
{
"category": "external",
"summary": "RHBZ#2396506",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396506"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-50408",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50408"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-50408",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50408"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091853-CVE-2022-50408-5835@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091853-CVE-2022-50408-5835@gregkh/T"
}
],
"release_date": "2025-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent module brcmfmac from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()"
},
{
"cve": "CVE-2022-50410",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-09-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396536"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Protect against send buffer overflow in NFSv2 READ\n\nSince before the git era, NFSD has conserved the number of pages\nheld by each nfsd thread by combining the RPC receive and send\nbuffers into a single array of pages. This works because there are\nno cases where an operation needs a large RPC Call message and a\nlarge RPC Reply at the same time.\n\nOnce an RPC Call has been received, svc_process() updates\nsvc_rqst::rq_res to describe the part of rq_pages that can be\nused for constructing the Reply. This means that the send buffer\n(rq_res) shrinks when the received RPC record containing the RPC\nCall is large.\n\nA client can force this shrinkage on TCP by sending a correctly-\nformed RPC Call header contained in an RPC record that is\nexcessively large. The full maximum payload size cannot be\nconstructed in that case.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: NFSD: Protect against send buffer overflow in NFSv2 READ",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A logic flaw in the NFSv2 server implementation could allow a remote NFS client to trigger a send-buffer overflow by sending a valid but excessively large RPC Call header, resulting in an oversized READ request exceeding the available response buffer. Successful exploitation could lead to memory corruption and potential denial of service (kernel crash).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-50410"
},
{
"category": "external",
"summary": "RHBZ#2396536",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396536"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-50410",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50410"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-50410",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50410"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091853-CVE-2022-50410-edee@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091853-CVE-2022-50410-edee@gregkh/T"
}
],
"release_date": "2025-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: NFSD: Protect against send buffer overflow in NFSv2 READ"
},
{
"cve": "CVE-2023-53178",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2025-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395358"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: fix zswap writeback race condition\n\nThe zswap writeback mechanism can cause a race condition resulting in\nmemory corruption, where a swapped out page gets swapped in with data that\nwas written to a different page.\n\nThe race unfolds like this:\n1. a page with data A and swap offset X is stored in zswap\n2. page A is removed off the LRU by zpool driver for writeback in\n zswap-shrink work, data for A is mapped by zpool driver\n3. user space program faults and invalidates page entry A, offset X is\n considered free\n4. kswapd stores page B at offset X in zswap (zswap could also be\n full, if so, page B would then be IOed to X, then skip step 5.)\n5. entry A is replaced by B in tree-\u003erbroot, this doesn\u0027t affect the\n local reference held by zswap-shrink work\n6. zswap-shrink work writes back A at X, and frees zswap entry A\n7. swapin of slot X brings A in memory instead of B\n\nThe fix:\nOnce the swap page cache has been allocated (case ZSWAP_SWAPCACHE_NEW),\nzswap-shrink work just checks that the local zswap_entry reference is\nstill the same as the one in the tree. If it\u0027s not the same it means that\nit\u0027s either been invalidated or replaced, in both cases the writeback is\naborted because the local entry contains stale data.\n\nReproducer:\nI originally found this by running `stress` overnight to validate my work\non the zswap writeback mechanism, it manifested after hours on my test\nmachine. The key to make it happen is having zswap writebacks, so\nwhatever setup pumps /sys/kernel/debug/zswap/written_back_pages should do\nthe trick.\n\nIn order to reproduce this faster on a vm, I setup a system with ~100M of\navailable memory and a 500M swap file, then running `stress --vm 1\n--vm-bytes 300000000 --vm-stride 4000` makes it happen in matter of tens\nof minutes. One can speed things up even more by swinging\n/sys/module/zswap/parameters/max_pool_percent up and down between, say, 20\nand 1; this makes it reproduce in tens of seconds. It\u0027s crucial to set\n`--vm-stride` to something other than 4096 otherwise `stress` won\u0027t\nrealize that memory has been corrupted because all pages would have the\nsame data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: mm: fix zswap writeback race condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is a race condition in the zswap writeback path that can lead to memory corruption when a swap slot is reused while a writeback is still in progress.\nA local unprivileged user can potentially trigger this issue by applying heavy memory pressure and causing frequent zswap evictions.\nWhile exploitation for data leakage or privilege escalation is unlikely, the flaw can result in data integrity issues or system instability under specific conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-53178"
},
{
"category": "external",
"summary": "RHBZ#2395358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395358"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-53178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53178"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-53178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53178"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091555-CVE-2023-53178-9d27@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091555-CVE-2023-53178-9d27@gregkh/T"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: mm: fix zswap writeback race condition"
},
{
"cve": "CVE-2023-53213",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395267"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()\n\nFix a slab-out-of-bounds read that occurs in kmemdup() called from\nbrcmf_get_assoc_ies().\nThe bug could occur when assoc_info-\u003ereq_len, data from a URB provided\nby a USB device, is bigger than the size of buffer which is defined as\nWL_EXTRA_BUF_MAX.\n\nAdd the size check for req_len/resp_len of assoc_info.\n\nFound by a modified version of syzkaller.\n\n[ 46.592467][ T7] ==================================================================\n[ 46.594687][ T7] BUG: KASAN: slab-out-of-bounds in kmemdup+0x3e/0x50\n[ 46.596572][ T7] Read of size 3014656 at addr ffff888019442000 by task kworker/0:1/7\n[ 46.598575][ T7]\n[ 46.599157][ T7] CPU: 0 PID: 7 Comm: kworker/0:1 Tainted: G O 5.14.0+ #145\n[ 46.601333][ T7] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014\n[ 46.604360][ T7] Workqueue: events brcmf_fweh_event_worker\n[ 46.605943][ T7] Call Trace:\n[ 46.606584][ T7] dump_stack_lvl+0x8e/0xd1\n[ 46.607446][ T7] print_address_description.constprop.0.cold+0x93/0x334\n[ 46.608610][ T7] ? kmemdup+0x3e/0x50\n[ 46.609341][ T7] kasan_report.cold+0x79/0xd5\n[ 46.610151][ T7] ? kmemdup+0x3e/0x50\n[ 46.610796][ T7] kasan_check_range+0x14e/0x1b0\n[ 46.611691][ T7] memcpy+0x20/0x60\n[ 46.612323][ T7] kmemdup+0x3e/0x50\n[ 46.612987][ T7] brcmf_get_assoc_ies+0x967/0xf60\n[ 46.613904][ T7] ? brcmf_notify_vif_event+0x3d0/0x3d0\n[ 46.614831][ T7] ? lock_chain_count+0x20/0x20\n[ 46.615683][ T7] ? mark_lock.part.0+0xfc/0x2770\n[ 46.616552][ T7] ? lock_chain_count+0x20/0x20\n[ 46.617409][ T7] ? mark_lock.part.0+0xfc/0x2770\n[ 46.618244][ T7] ? lock_chain_count+0x20/0x20\n[ 46.619024][ T7] brcmf_bss_connect_done.constprop.0+0x241/0x2e0\n[ 46.620019][ T7] ? brcmf_parse_configure_security.isra.0+0x2a0/0x2a0\n[ 46.620818][ T7] ? __lock_acquire+0x181f/0x5790\n[ 46.621462][ T7] brcmf_notify_connect_status+0x448/0x1950\n[ 46.622134][ T7] ? rcu_read_lock_bh_held+0xb0/0xb0\n[ 46.622736][ T7] ? brcmf_cfg80211_join_ibss+0x7b0/0x7b0\n[ 46.623390][ T7] ? find_held_lock+0x2d/0x110\n[ 46.623962][ T7] ? brcmf_fweh_event_worker+0x19f/0xc60\n[ 46.624603][ T7] ? mark_held_locks+0x9f/0xe0\n[ 46.625145][ T7] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0\n[ 46.625871][ T7] ? brcmf_cfg80211_join_ibss+0x7b0/0x7b0\n[ 46.626545][ T7] brcmf_fweh_call_event_handler.isra.0+0x90/0x100\n[ 46.627338][ T7] brcmf_fweh_event_worker+0x557/0xc60\n[ 46.627962][ T7] ? brcmf_fweh_call_event_handler.isra.0+0x100/0x100\n[ 46.628736][ T7] ? rcu_read_lock_sched_held+0xa1/0xd0\n[ 46.629396][ T7] ? rcu_read_lock_bh_held+0xb0/0xb0\n[ 46.629970][ T7] ? lockdep_hardirqs_on_prepare+0x273/0x3e0\n[ 46.630649][ T7] process_one_work+0x92b/0x1460\n[ 46.631205][ T7] ? pwq_dec_nr_in_flight+0x330/0x330\n[ 46.631821][ T7] ? rwlock_bug.part.0+0x90/0x90\n[ 46.632347][ T7] worker_thread+0x95/0xe00\n[ 46.632832][ T7] ? __kthread_parkme+0x115/0x1e0\n[ 46.633393][ T7] ? process_one_work+0x1460/0x1460\n[ 46.633957][ T7] kthread+0x3a1/0x480\n[ 46.634369][ T7] ? set_kthread_struct+0x120/0x120\n[ 46.634933][ T7] ret_from_fork+0x1f/0x30\n[ 46.635431][ T7]\n[ 46.635687][ T7] Allocated by task 7:\n[ 46.636151][ T7] kasan_save_stack+0x1b/0x40\n[ 46.636628][ T7] __kasan_kmalloc+0x7c/0x90\n[ 46.637108][ T7] kmem_cache_alloc_trace+0x19e/0x330\n[ 46.637696][ T7] brcmf_cfg80211_attach+0x4a0/0x4040\n[ 46.638275][ T7] brcmf_attach+0x389/0xd40\n[ 46.638739][ T7] brcmf_usb_probe+0x12de/0x1690\n[ 46.639279][ T7] usb_probe_interface+0x2aa/0x760\n[ 46.639820][ T7] really_probe+0x205/0xb70\n[ 46.640342][ T7] __driver_probe_device+0\n---truncated---",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-53213"
},
{
"category": "external",
"summary": "RHBZ#2395267",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395267"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-53213",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53213"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-53213",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53213"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091511-CVE-2023-53213-dfc5@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091511-CVE-2023-53213-dfc5@gregkh/T"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()"
},
{
"cve": "CVE-2023-53226",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395420"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix OOB and integer underflow when rx packets\n\nMake sure mwifiex_process_mgmt_packet,\nmwifiex_process_sta_rx_packet and mwifiex_process_uap_rx_packet,\nmwifiex_uap_queue_bridged_pkt and mwifiex_process_rx_packet\nnot out-of-bounds access the skb-\u003edata buffer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: wifi: mwifiex: Fix OOB and integer underflow when rx packets",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A vulnerability in the Marvell mwifiex driver (mwifiex, Marvell Wi-Fi) allows malformed over-the-air frames to trigger out-of-bounds reads and an integer underflow in the RX path, which can crash the kernel or drop packets. Remote code execution is highly unlikely \u2014 the flaw manifests as OOB reads / length miscalculations (leading to OOPS/panic or DoS), not as a controllable arbitrary-write or instruction pointer corruption, so an attacker cannot reliably gain code execution from this bug.\nThis issue only affects systems running the mwifiex driver; if the system does not use Marvell\u2019s mwifiex module there is no exposure.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-53226"
},
{
"category": "external",
"summary": "RHBZ#2395420",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395420"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-53226",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53226"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-53226",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53226"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091513-CVE-2023-53226-a44a@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091513-CVE-2023-53226-a44a@gregkh/T"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent module mwifiex from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: wifi: mwifiex: Fix OOB and integer underflow when rx packets"
},
{
"cve": "CVE-2023-53297",
"cwe": {
"id": "CWE-832",
"name": "Unlock of a Resource that is not Locked"
},
"discovery_date": "2025-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395681"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: fix \"bad unlock balance\" in l2cap_disconnect_rsp\n\nconn-\u003echan_lock isn\u0027t acquired before l2cap_get_chan_by_scid,\nif l2cap_get_chan_by_scid returns NULL, then \u0027bad unlock balance\u0027\nis triggered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Bluetooth: L2CAP: fix \"bad unlock balance\" in l2cap_disconnect_rsp",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-53297"
},
{
"category": "external",
"summary": "RHBZ#2395681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-53297",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-53297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53297"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091627-CVE-2023-53297-8746@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091627-CVE-2023-53297-8746@gregkh/T"
}
],
"release_date": "2025-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Bluetooth: L2CAP: fix \"bad unlock balance\" in l2cap_disconnect_rsp"
},
{
"cve": "CVE-2023-53305",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395858"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix use-after-free\n\nFix potential use-after-free in l2cap_le_command_rej.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Bluetooth: L2CAP: Fix use-after-free",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This L2CAP issue is adjacency-only (Bluetooth LE): an attacker must be within radio range and craft malicious LE frames. Impact is primarily kernel crash / DoS.\nIt could trigger a use-after-free condition when processing LE command rejection.\nIn practice an attacker must either establish a BLE connection or rely on the device accepting unauthenticated L2CAP traffic. If the device enforces pairing/authentication for L2CAP operations, exploitation from an unauthenticated remote actor is unlikely.\nFixed in Red Hat Enterprise Linux 9 starting from 9.4.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-53305"
},
{
"category": "external",
"summary": "RHBZ#2395858",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395858"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-53305",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53305"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-53305",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53305"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091641-CVE-2023-53305-b8fe@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091641-CVE-2023-53305-b8fe@gregkh/T"
}
],
"release_date": "2025-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
},
{
"category": "workaround",
"details": "To mitigate these vulnerabilities on the operating system level, disable the Bluetooth functionality via blocklisting kernel modules in the Linux kernel. The kernel modules can be prevented from being loaded by using system-wide modprobe rules. Instructions on how to disable Bluetooth modules are available on the customer portal at https://access.redhat.com/solutions/2682931.\n\nAlternatively, bluetooth can be disabled within the hardware or at the BIOS level, which will also provide effective mitigation as the kernel will not detect Bluetooth hardware on the system.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Bluetooth: L2CAP: Fix use-after-free"
},
{
"cve": "CVE-2023-53354",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2025-09-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396158"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nskbuff: skb_segment, Call zero copy functions before using skbuff frags\n\nCommit bf5c25d60861 (\"skbuff: in skb_segment, call zerocopy functions\nonce per nskb\") added the call to zero copy functions in skb_segment().\nThe change introduced a bug in skb_segment() because skb_orphan_frags()\nmay possibly change the number of fragments or allocate new fragments\naltogether leaving nrfrags and frag to point to the old values. This can\ncause a panic with stacktrace like the one below.\n\n[ 193.894380] BUG: kernel NULL pointer dereference, address: 00000000000000bc\n[ 193.895273] CPU: 13 PID: 18164 Comm: vh-net-17428 Kdump: loaded Tainted: G O 5.15.123+ #26\n[ 193.903919] RIP: 0010:skb_segment+0xb0e/0x12f0\n[ 194.021892] Call Trace:\n[ 194.027422] \u003cTASK\u003e\n[ 194.072861] tcp_gso_segment+0x107/0x540\n[ 194.082031] inet_gso_segment+0x15c/0x3d0\n[ 194.090783] skb_mac_gso_segment+0x9f/0x110\n[ 194.095016] __skb_gso_segment+0xc1/0x190\n[ 194.103131] netem_enqueue+0x290/0xb10 [sch_netem]\n[ 194.107071] dev_qdisc_enqueue+0x16/0x70\n[ 194.110884] __dev_queue_xmit+0x63b/0xb30\n[ 194.121670] bond_start_xmit+0x159/0x380 [bonding]\n[ 194.128506] dev_hard_start_xmit+0xc3/0x1e0\n[ 194.131787] __dev_queue_xmit+0x8a0/0xb30\n[ 194.138225] macvlan_start_xmit+0x4f/0x100 [macvlan]\n[ 194.141477] dev_hard_start_xmit+0xc3/0x1e0\n[ 194.144622] sch_direct_xmit+0xe3/0x280\n[ 194.147748] __dev_queue_xmit+0x54a/0xb30\n[ 194.154131] tap_get_user+0x2a8/0x9c0 [tap]\n[ 194.157358] tap_sendmsg+0x52/0x8e0 [tap]\n[ 194.167049] handle_tx_zerocopy+0x14e/0x4c0 [vhost_net]\n[ 194.173631] handle_tx+0xcd/0xe0 [vhost_net]\n[ 194.176959] vhost_worker+0x76/0xb0 [vhost]\n[ 194.183667] kthread+0x118/0x140\n[ 194.190358] ret_from_fork+0x1f/0x30\n[ 194.193670] \u003c/TASK\u003e\n\nIn this case calling skb_orphan_frags() updated nr_frags leaving nrfrags\nlocal variable in skb_segment() stale. This resulted in the code hitting\ni \u003e= nrfrags prematurely and trying to move to next frag_skb using\nlist_skb pointer, which was NULL, and caused kernel panic. Move the call\nto zero copy functions before using frags and nr_frags.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: skbuff: skb_segment, Call zero copy functions before using skbuff frags",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-53354"
},
{
"category": "external",
"summary": "RHBZ#2396158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396158"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-53354",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53354"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-53354",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53354"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091721-CVE-2023-53354-771f@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091721-CVE-2023-53354-771f@gregkh/T"
}
],
"release_date": "2025-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: skbuff: skb_segment, Call zero copy functions before using skbuff frags"
},
{
"cve": "CVE-2023-53365",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"discovery_date": "2025-09-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396130"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6mr: Fix skb_under_panic in ip6mr_cache_report()\n\nskbuff: skb_under_panic: text:ffffffff88771f69 len:56 put:-4\n head:ffff88805f86a800 data:ffff887f5f86a850 tail:0x88 end:0x2c0 dev:pim6reg\n ------------[ cut here ]------------\n kernel BUG at net/core/skbuff.c:192!\n invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n CPU: 2 PID: 22968 Comm: kworker/2:11 Not tainted 6.5.0-rc3-00044-g0a8db05b571a #236\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n Workqueue: ipv6_addrconf addrconf_dad_work\n RIP: 0010:skb_panic+0x152/0x1d0\n Call Trace:\n \u003cTASK\u003e\n skb_push+0xc4/0xe0\n ip6mr_cache_report+0xd69/0x19b0\n reg_vif_xmit+0x406/0x690\n dev_hard_start_xmit+0x17e/0x6e0\n __dev_queue_xmit+0x2d6a/0x3d20\n vlan_dev_hard_start_xmit+0x3ab/0x5c0\n dev_hard_start_xmit+0x17e/0x6e0\n __dev_queue_xmit+0x2d6a/0x3d20\n neigh_connected_output+0x3ed/0x570\n ip6_finish_output2+0x5b5/0x1950\n ip6_finish_output+0x693/0x11c0\n ip6_output+0x24b/0x880\n NF_HOOK.constprop.0+0xfd/0x530\n ndisc_send_skb+0x9db/0x1400\n ndisc_send_rs+0x12a/0x6c0\n addrconf_dad_completed+0x3c9/0xea0\n addrconf_dad_work+0x849/0x1420\n process_one_work+0xa22/0x16e0\n worker_thread+0x679/0x10c0\n ret_from_fork+0x28/0x60\n ret_from_fork_asm+0x11/0x20\n\nWhen setup a vlan device on dev pim6reg, DAD ns packet may sent on reg_vif_xmit().\nreg_vif_xmit()\n ip6mr_cache_report()\n skb_push(skb, -skb_network_offset(pkt));//skb_network_offset(pkt) is 4\nAnd skb_push declared as:\n\tvoid *skb_push(struct sk_buff *skb, unsigned int len);\n\t\tskb-\u003edata -= len;\n\t\t//0xffff88805f86a84c - 0xfffffffc = 0xffff887f5f86a850\nskb-\u003edata is set to 0xffff887f5f86a850, which is invalid mem addr, lead to skb_push() fails.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: ip6mr: Fix skb_under_panic in ip6mr_cache_report()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-53365"
},
{
"category": "external",
"summary": "RHBZ#2396130",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396130"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-53365",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53365"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-53365",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53365"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091723-CVE-2023-53365-acb1@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091723-CVE-2023-53365-acb1@gregkh/T"
}
],
"release_date": "2025-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: ip6mr: Fix skb_under_panic in ip6mr_cache_report()"
},
{
"cve": "CVE-2023-53373",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-09-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396379"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: seqiv - Handle EBUSY correctly\n\nAs it is seqiv only handles the special return value of EINPROGERSS,\nwhich means that in all other cases it will free data related to the\nrequest.\n\nHowever, as the caller of seqiv may specify MAY_BACKLOG, we also need\nto expect EBUSY and treat it in the same way. Otherwise backlogged\nrequests will trigger a use-after-free.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: crypto: seqiv - Handle EBUSY correctly",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The flaw is in the seqiv IV generator and can lead to a use-after-free when backlogged crypto requests return -EBUSY. Triggering it is easier locally by flooding the kernel crypto API (e.g. via AF_ALG or many concurrent AEAD requests) because the attacker must create backlog conditions. Remote triggering is much harder and only realistic for specific configurations (for example an in-kernel IPsec/TLS path that uses seqiv for AEAD). In practice this means an unprivileged local user with access to the kernel crypto interface is the most likely threat vector, while a remote attacker would need the target to both use seqiv and be inducible into heavy crypto backlog.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-53373"
},
{
"category": "external",
"summary": "RHBZ#2396379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-53373",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53373"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-53373",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53373"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091855-CVE-2023-53373-087e@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091855-CVE-2023-53373-087e@gregkh/T"
}
],
"release_date": "2025-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: crypto: seqiv - Handle EBUSY correctly"
},
{
"cve": "CVE-2023-53393",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-09-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396376"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device\n\nCurrently, when mlx5_ib_get_hw_stats() is used for device (port_num = 0),\nthere is a special handling in order to use the correct counters, but,\nport_num is being passed down the stack without any change. Also, some\nfunctions assume that port_num \u003e=1. As a result, the following oops can\noccur.\n\n BUG: unable to handle page fault for address: ffff89510294f1a8\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 0 P4D 0\n Oops: 0002 [#1] SMP\n CPU: 8 PID: 1382 Comm: devlink Tainted: G W 6.1.0-rc4_for_upstream_base_2022_11_10_16_12 #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n RIP: 0010:_raw_spin_lock+0xc/0x20\n Call Trace:\n \u003cTASK\u003e\n mlx5_ib_get_native_port_mdev+0x73/0xe0 [mlx5_ib]\n do_get_hw_stats.constprop.0+0x109/0x160 [mlx5_ib]\n mlx5_ib_get_hw_stats+0xad/0x180 [mlx5_ib]\n ib_setup_device_attrs+0xf0/0x290 [ib_core]\n ib_register_device+0x3bb/0x510 [ib_core]\n ? atomic_notifier_chain_register+0x67/0x80\n __mlx5_ib_add+0x2b/0x80 [mlx5_ib]\n mlx5r_probe+0xb8/0x150 [mlx5_ib]\n ? auxiliary_match_id+0x6a/0x90\n auxiliary_bus_probe+0x3c/0x70\n ? driver_sysfs_add+0x6b/0x90\n really_probe+0xcd/0x380\n __driver_probe_device+0x80/0x170\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n ? driver_allows_async_probing+0x60/0x60\n ? driver_allows_async_probing+0x60/0x60\n bus_for_each_drv+0x7b/0xc0\n __device_attach+0xbc/0x200\n bus_probe_device+0x87/0xa0\n device_add+0x404/0x940\n ? dev_set_name+0x53/0x70\n __auxiliary_device_add+0x43/0x60\n add_adev+0x99/0xe0 [mlx5_core]\n mlx5_attach_device+0xc8/0x120 [mlx5_core]\n mlx5_load_one_devl_locked+0xb2/0xe0 [mlx5_core]\n devlink_reload+0x133/0x250\n devlink_nl_cmd_reload+0x480/0x570\n ? devlink_nl_pre_doit+0x44/0x2b0\n genl_family_rcv_msg_doit.isra.0+0xc2/0x110\n genl_rcv_msg+0x180/0x2b0\n ? devlink_nl_cmd_region_read_dumpit+0x540/0x540\n ? devlink_reload+0x250/0x250\n ? devlink_put+0x50/0x50\n ? genl_family_rcv_msg_doit.isra.0+0x110/0x110\n netlink_rcv_skb+0x54/0x100\n genl_rcv+0x24/0x40\n netlink_unicast+0x1f6/0x2c0\n netlink_sendmsg+0x237/0x490\n sock_sendmsg+0x33/0x40\n __sys_sendto+0x103/0x160\n ? handle_mm_fault+0x10e/0x290\n ? do_user_addr_fault+0x1c0/0x5f0\n __x64_sys_sendto+0x25/0x30\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nFix it by setting port_num to 1 in order to get device status and remove\nunused variable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw in mlx5_ib_get_hw_stats() allowed port_num=0 (device-level query) to propagate down the stack, where code paths assumed port_num \u003e= 1, leading to a NULL-pointer dereference and kernel oops during stats collection or device registration. The fix normalizes device queries by forcing port_num=1 before accessing per-port data and removes an unused variable. Exploitation requires local, highly privileged access to the RDMA device stack (e.g., devlink/IB admin), and impact is limited to local DoS.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-53393"
},
{
"category": "external",
"summary": "RHBZ#2396376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-53393",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53393"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-53393",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53393"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091858-CVE-2023-53393-5e45@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091858-CVE-2023-53393-5e45@gregkh/T"
}
],
"release_date": "2025-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device"
},
{
"cve": "CVE-2023-53680",
"discovery_date": "2025-10-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402213"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Avoid calling OPDESC() with ops-\u003eopnum == OP_ILLEGAL\n\nOPDESC() simply indexes into nfsd4_ops[] by the op\u0027s operation\nnumber, without range checking that value. It assumes callers are\ncareful to avoid calling it with an out-of-bounds opnum value.\n\nnfsd4_decode_compound() is not so careful, and can invoke OPDESC()\nwith opnum set to OP_ILLEGAL, which is 10044 -- well beyond the end\nof nfsd4_ops[].",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: NFSD: Avoid calling OPDESC() with ops-\u003eopnum == OP_ILLEGAL",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "NFSD could call OPDESC() with opnum == OP_ILLEGAL, indexing past nfsd4_ops[] and causing an out-of-bounds read leading to a crash. A remote unauthenticated NFSv4 client could trigger this via a crafted COMPOUND, impacting availability of the NFS server. The fix sets op-\u003eopdesc = NULL, assigns opdesc only when opnum is in range, and removes the unconditional OPDESC() call.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-53680"
},
{
"category": "external",
"summary": "RHBZ#2402213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402213"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-53680",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53680"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-53680",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53680"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025100708-CVE-2023-53680-501d@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025100708-CVE-2023-53680-501d@gregkh/T"
}
],
"release_date": "2025-10-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent module nfs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: NFSD: Avoid calling OPDESC() with ops-\u003eopnum == OP_ILLEGAL"
},
{
"cve": "CVE-2024-46679",
"cwe": {
"id": "CWE-99",
"name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
},
"discovery_date": "2024-09-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312067"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ethtool in the Linux kernel, where sysfs reader getting link settings can attempt to read the device state on a device that is not present, leading to a crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: ethtool: check device is present when getting link settings",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-46679"
},
{
"category": "external",
"summary": "RHBZ#2312067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-46679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-46679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46679"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46679-3527@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2024091336-CVE-2024-46679-3527@gregkh/T"
}
],
"release_date": "2024-09-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: ethtool: check device is present when getting link settings"
},
{
"cve": "CVE-2025-38718",
"cwe": {
"id": "CWE-664",
"name": "Improper Control of a Resource Through its Lifetime"
},
"discovery_date": "2025-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2393166"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: linearize cloned gso packets in sctp_rcv\n\nA cloned head skb still shares these frag skbs in fraglist with the\noriginal head skb. It\u0027s not safe to access these frag skbs.\n\nsyzbot reported two use-of-uninitialized-memory bugs caused by this:\n\n BUG: KMSAN: uninit-value in sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_inq_pop+0x15b7/0x1920 net/sctp/inqueue.c:211\n sctp_assoc_bh_rcv+0x1a7/0xc50 net/sctp/associola.c:998\n sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x397/0xdb0 net/sctp/input.c:331\n sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1122\n __release_sock+0x1da/0x330 net/core/sock.c:3106\n release_sock+0x6b/0x250 net/core/sock.c:3660\n sctp_wait_for_connect+0x487/0x820 net/sctp/socket.c:9360\n sctp_sendmsg_to_asoc+0x1ec1/0x1f00 net/sctp/socket.c:1885\n sctp_sendmsg+0x32b9/0x4a80 net/sctp/socket.c:2031\n inet_sendmsg+0x25a/0x280 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:718 [inline]\n\nand\n\n BUG: KMSAN: uninit-value in sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_assoc_bh_rcv+0x34e/0xbc0 net/sctp/associola.c:987\n sctp_inq_push+0x2a3/0x350 net/sctp/inqueue.c:88\n sctp_backlog_rcv+0x3c7/0xda0 net/sctp/input.c:331\n sk_backlog_rcv+0x142/0x420 include/net/sock.h:1148\n __release_sock+0x1d3/0x330 net/core/sock.c:3213\n release_sock+0x6b/0x270 net/core/sock.c:3767\n sctp_wait_for_connect+0x458/0x820 net/sctp/socket.c:9367\n sctp_sendmsg_to_asoc+0x223a/0x2260 net/sctp/socket.c:1886\n sctp_sendmsg+0x3910/0x49f0 net/sctp/socket.c:2032\n inet_sendmsg+0x269/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:712 [inline]\n\nThis patch fixes it by linearizing cloned gso packets in sctp_rcv().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: sctp: linearize cloned gso packets in sctp_rcv",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw in the SCTP receive path failed to linearize cloned GSO sk_buffs before accessing fraglists, leading to reads of uninitialized memory as reported by KMSAN. An attacker sending SCTP traffic can trigger incorrect processing and potentially cause a kernel denial of service on the target under specific RX conditions.\nStream Control Transmission Protocol (SCTP) is a transport-layer protocol (like TCP or UDP) primarily used in telecom signaling and some specialized applications. On most Linux systems it is disabled by default, and remote connectivity is only possible if SCTP support is enabled and listening services are configured (commonly using the IANA-assigned port 2905/tcp for M3UA or other protocol-specific ports). Therefore, the vulnerability is only exploitable when SCTP is enabled and reachable on the target system.\nAlthough KMSAN reports this issue as use of uninitialized memory (which deterministically crashes with KMSAN enabled), on production kernels the impact is still availability-related.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38718"
},
{
"category": "external",
"summary": "RHBZ#2393166",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393166"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38718"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025090459-CVE-2025-38718-5bb6@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025090459-CVE-2025-38718-5bb6@gregkh/T"
}
],
"release_date": "2025-09-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent module sctp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: sctp: linearize cloned gso packets in sctp_rcv"
},
{
"cve": "CVE-2025-38724",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2025-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2393172"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the Linux kernel\u0027s Network File System (NFS) daemon that could allow for a Denial of Service and in worst case scenario Arbitrary Code Execution. This Use-After-Free flaw arises from a race condition when the kernel handles the confirmation of an NFS client identifier. If an NFS client is expiring while this confirmation is in progress, the system can attempt to use memory that is no longer allocated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38724"
},
{
"category": "external",
"summary": "RHBZ#2393172",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393172"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38724"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025090401-CVE-2025-38724-5309@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025090401-CVE-2025-38724-5309@gregkh/T"
}
],
"release_date": "2025-09-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()"
},
{
"cve": "CVE-2025-38729",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2393164"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Validate UAC3 power domain descriptors, too\n\nUAC3 power domain descriptors need to be verified with its variable\nbLength for avoiding the unexpected OOB accesses by malicious\nfirmware, too.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: ALSA: usb-audio: Validate UAC3 power domain descriptors, too",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A malicious or malformed USB Audio Class 3.0 device could provide a power-domain descriptor with an invalid bLength, leading the usb-audio parser to read past the end of the buffer. The fix adds explicit length checks for UAC3 power domain descriptors to prevent OOB access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38729"
},
{
"category": "external",
"summary": "RHBZ#2393164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393164"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38729"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025090403-CVE-2025-38729-ca88@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025090403-CVE-2025-38729-ca88@gregkh/T"
}
],
"release_date": "2025-09-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: ALSA: usb-audio: Validate UAC3 power domain descriptors, too"
},
{
"cve": "CVE-2025-39697",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2025-09-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2393481"
}
],
"notes": [
{
"category": "description",
"text": "A flaw use after free in the Linux kernel NFS functionality was found in the way connected user sends malicious data to the server. A remote user could use this flaw to crash the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: NFS: Fix a race when updating an existing write",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A race condition in the NFS write path allowed a request to be removed after it was checked but before the page-group lock was taken. The fix acquires the page-group lock earlier and holds it across request removal, preventing use-after-state races. This can be triggered by a client with write access to an export and may lead to a kernel crash (remote DoS).\nThis race condition is difficult to trigger in practice, as it requires several conditions to align (concurrent write activity and timing), and there is no evidence of remote control over memory contents. Therefore the most likely outcome is a denial of service (Availability: High), with Confidentiality and Integrity unaffected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-39697"
},
{
"category": "external",
"summary": "RHBZ#2393481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-39697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39697"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-39697",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39697"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025090548-CVE-2025-39697-5284@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025090548-CVE-2025-39697-5284@gregkh/T"
}
],
"release_date": "2025-09-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent module nfs from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: NFS: Fix a race when updating an existing write"
},
{
"cve": "CVE-2025-39757",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2394615"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Validate UAC3 cluster segment descriptors\n\nUAC3 class segment descriptors need to be verified whether their sizes\nmatch with the declared lengths and whether they fit with the\nallocated buffer sizes, too. Otherwise malicious firmware may lead to\nthe unexpected OOB accesses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-39757"
},
{
"category": "external",
"summary": "RHBZ#2394615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-39757",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39757"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-39757",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39757"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091144-CVE-2025-39757-e212@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091144-CVE-2025-39757-e212@gregkh/T"
}
],
"release_date": "2025-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors"
},
{
"cve": "CVE-2025-39817",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395805"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefivarfs: Fix slab-out-of-bounds in efivarfs_d_compare\n\nObserved on kernel 6.6 (present on master as well):\n\n BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0\n Call trace:\n kasan_check_range+0xe8/0x190\n __asan_loadN+0x1c/0x28\n memcmp+0x98/0xd0\n efivarfs_d_compare+0x68/0xd8\n __d_lookup_rcu_op_compare+0x178/0x218\n __d_lookup_rcu+0x1f8/0x228\n d_alloc_parallel+0x150/0x648\n lookup_open.isra.0+0x5f0/0x8d0\n open_last_lookups+0x264/0x828\n path_openat+0x130/0x3f8\n do_filp_open+0x114/0x248\n do_sys_openat2+0x340/0x3c0\n __arm64_sys_openat+0x120/0x1a0\n\nIf dentry-\u003ed_name.len \u003c EFI_VARIABLE_GUID_LEN , \u0027guid\u0027 can become\nnegative, leadings to oob. The issue can be triggered by parallel\nlookups using invalid filename:\n\n T1\t\t\tT2\n lookup_open\n -\u003elookup\n simple_lookup\n d_add\n // invalid dentry is added to hash list\n\n\t\t\tlookup_open\n\t\t\t d_alloc_parallel\n\t\t\t __d_lookup_rcu\n\t\t\t __d_lookup_rcu_op_compare\n\t\t\t hlist_bl_for_each_entry_rcu\n\t\t\t // invalid dentry can be retrieved\n\t\t\t -\u003ed_compare\n\t\t\t efivarfs_d_compare\n\t\t\t // oob\n\nFix it by checking \u0027guid\u0027 before cmp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-39817"
},
{
"category": "external",
"summary": "RHBZ#2395805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395805"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-39817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-39817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39817"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091615-CVE-2025-39817-90b7@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091615-CVE-2025-39817-90b7@gregkh/T"
}
],
"release_date": "2025-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare"
},
{
"cve": "CVE-2025-39825",
"cwe": {
"id": "CWE-366",
"name": "Race Condition within a Thread"
},
"discovery_date": "2025-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395792"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix race with concurrent opens in rename(2)\n\nBesides sending the rename request to the server, the rename process\nalso involves closing any deferred close, waiting for outstanding I/O\nto complete as well as marking all existing open handles as deleted to\nprevent them from deferring closes, which increases the race window\nfor potential concurrent opens on the target file.\n\nFix this by unhashing the dentry in advance to prevent any concurrent\nopens on the target.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: smb: client: fix race with concurrent opens in rename(2)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-39825"
},
{
"category": "external",
"summary": "RHBZ#2395792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395792"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-39825",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39825"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-39825",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39825"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091616-CVE-2025-39825-8a7a@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091616-CVE-2025-39825-8a7a@gregkh/T"
}
],
"release_date": "2025-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: smb: client: fix race with concurrent opens in rename(2)"
},
{
"cve": "CVE-2025-39841",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396944"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix buffer free/clear order in deferred receive path\n\nFix a use-after-free window by correcting the buffer release sequence in\nthe deferred receive path. The code freed the RQ buffer first and only\nthen cleared the context pointer under the lock. Concurrent paths (e.g.,\nABTS and the repost path) also inspect and release the same pointer under\nthe lock, so the old order could lead to double-free/UAF.\n\nNote that the repost path already uses the correct pattern: detach the\npointer under the lock, then free it after dropping the lock. The\ndeferred path should do the same.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: scsi: lpfc: Fix buffer free/clear order in deferred receive path",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-39841"
},
{
"category": "external",
"summary": "RHBZ#2396944",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396944"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-39841",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39841"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-39841",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39841"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091902-CVE-2025-39841-2c0f@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091902-CVE-2025-39841-2c0f@gregkh/T"
}
],
"release_date": "2025-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: scsi: lpfc: Fix buffer free/clear order in deferred receive path"
},
{
"cve": "CVE-2025-39864",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-09-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396934"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: fix use-after-free in cmp_bss()\n\nFollowing bss_free() quirk introduced in commit 776b3580178f\n(\"cfg80211: track hidden SSID networks properly\"), adjust\ncfg80211_update_known_bss() to free the last beacon frame\nelements only if they\u0027re not shared via the corresponding\n\u0027hidden_beacon_bss\u0027 pointer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: wifi: cfg80211: fix use-after-free in cmp_bss()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A use-after-free issue was discovered in the cfg80211 subsystem, caused by freeing beacon_ies structures even when they were still referenced through hidden_beacon_bss.\nExploitation requires local access with capabilities to manage Wi-Fi interfaces (e.g., via nl80211) and is unlikely under normal conditions.\nThe vulnerability could theoretically lead to kernel memory corruption or privilege escalation, though the trigger is complex.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-39864"
},
{
"category": "external",
"summary": "RHBZ#2396934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-39864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39864"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-39864",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39864"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091906-CVE-2025-39864-a3a2@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091906-CVE-2025-39864-a3a2@gregkh/T"
}
],
"release_date": "2025-09-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: wifi: cfg80211: fix use-after-free in cmp_bss()"
},
{
"cve": "CVE-2025-39883",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-09-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397553"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory\n\nWhen I did memory failure tests, below panic occurs:\n\npage dumped because: VM_BUG_ON_PAGE(PagePoisoned(page))\nkernel BUG at include/linux/page-flags.h:616!\nOops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 720 Comm: bash Not tainted 6.10.0-rc1-00195-g148743902568 #40\nRIP: 0010:unpoison_memory+0x2f3/0x590\nRSP: 0018:ffffa57fc8787d60 EFLAGS: 00000246\nRAX: 0000000000000037 RBX: 0000000000000009 RCX: ffff9be25fcdc9c8\nRDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff9be25fcdc9c0\nRBP: 0000000000300000 R08: ffffffffb4956f88 R09: 0000000000009ffb\nR10: 0000000000000284 R11: ffffffffb4926fa0 R12: ffffe6b00c000000\nR13: ffff9bdb453dfd00 R14: 0000000000000000 R15: fffffffffffffffe\nFS: 00007f08f04e4740(0000) GS:ffff9be25fcc0000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000564787a30410 CR3: 000000010d4e2000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n unpoison_memory+0x2f3/0x590\n simple_attr_write_xsigned.constprop.0.isra.0+0xb3/0x110\n debugfs_attr_write+0x42/0x60\n full_proxy_write+0x5b/0x80\n vfs_write+0xd5/0x540\n ksys_write+0x64/0xe0\n do_syscall_64+0xb9/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f08f0314887\nRSP: 002b:00007ffece710078 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00007f08f0314887\nRDX: 0000000000000009 RSI: 0000564787a30410 RDI: 0000000000000001\nRBP: 0000564787a30410 R08: 000000000000fefe R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009\nR13: 00007f08f041b780 R14: 00007f08f0417600 R15: 00007f08f0416a00\n \u003c/TASK\u003e\nModules linked in: hwpoison_inject\n---[ end trace 0000000000000000 ]---\nRIP: 0010:unpoison_memory+0x2f3/0x590\nRSP: 0018:ffffa57fc8787d60 EFLAGS: 00000246\nRAX: 0000000000000037 RBX: 0000000000000009 RCX: ffff9be25fcdc9c8\nRDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff9be25fcdc9c0\nRBP: 0000000000300000 R08: ffffffffb4956f88 R09: 0000000000009ffb\nR10: 0000000000000284 R11: ffffffffb4926fa0 R12: ffffe6b00c000000\nR13: ffff9bdb453dfd00 R14: 0000000000000000 R15: fffffffffffffffe\nFS: 00007f08f04e4740(0000) GS:ffff9be25fcc0000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000564787a30410 CR3: 000000010d4e2000 CR4: 00000000000006f0\nKernel panic - not syncing: Fatal exception\nKernel Offset: 0x31c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)\n---[ end Kernel panic - not syncing: Fatal exception ]---\n\nThe root cause is that unpoison_memory() tries to check the PG_HWPoison\nflags of an uninitialized page. So VM_BUG_ON_PAGE(PagePoisoned(page)) is\ntriggered. This can be reproduced by below steps:\n\n1.Offline memory block:\n\n echo offline \u003e /sys/devices/system/memory/memory12/state\n\n2.Get offlined memory pfn:\n\n page-types -b n -rlN\n\n3.Write pfn to unpoison-pfn\n\n echo \u003cpfn\u003e \u003e /sys/kernel/debug/hwpoison/unpoison-pfn\n\nThis scenario can be identified by pfn_to_online_page() returning NULL. \nAnd ZONE_DEVICE pages are never expected, so we can simply fail if\npfn_to_online_page() == NULL to fix the bug.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-39883"
},
{
"category": "external",
"summary": "RHBZ#2397553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397553"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-39883",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39883"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-39883",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39883"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025092302-CVE-2025-39883-6015@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025092302-CVE-2025-39883-6015@gregkh/T"
}
],
"release_date": "2025-09-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory"
},
{
"cve": "CVE-2025-39955",
"cwe": {
"id": "CWE-213",
"name": "Exposure of Sensitive Information Due to Incompatible Policies"
},
"discovery_date": "2025-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402699"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect().\n\nsyzbot reported the splat below where a socket had tcp_sk(sk)-\u003efastopen_rsk\nin the TCP_ESTABLISHED state. [0]\n\nsyzbot reused the server-side TCP Fast Open socket as a new client before\nthe TFO socket completes 3WHS:\n\n 1. accept()\n 2. connect(AF_UNSPEC)\n 3. connect() to another destination\n\nAs of accept(), sk-\u003esk_state is TCP_SYN_RECV, and tcp_disconnect() changes\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\n\nSince tcp_disconnect() forgot to clear tcp_sk(sk)-\u003efastopen_rsk, the\nretransmit timer triggered the warning and the intended packet was not\nretransmitted.\n\nLet\u0027s call reqsk_fastopen_remove() in tcp_disconnect().\n\n[0]:\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nModules linked in:\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 \u003c0f\u003e 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\nFS: 0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\nCall Trace:\n \u003cIRQ\u003e\n tcp_write_timer (net/ipv4/tcp_timer.c:738)\n call_timer_fn (kernel/time/timer.c:1747)\n __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\n timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\n tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\n __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\n tmigr_handle_remote (kernel/time/timer_migration.c:1096)\n handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\n irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\n \u003c/IRQ\u003e",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: tcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "tcp_disconnect() failed to clear tcp_sk(sk)-\u003efastopen_rsk when reusing a TFO socket (e.g., after accept() \u2192 connect(AF_UNSPEC) \u2192 connect() sequence).\nThis left a stale reference, allowing the retransmit timer to access a freed request_sock, triggering a kernel warning or potential UAF.\nTriggering requires local access and the ability to create and manipulate TCP Fast Open sockets (often through privileged or test contexts).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-39955"
},
{
"category": "external",
"summary": "RHBZ#2402699",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402699"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-39955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39955"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-39955",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39955"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025100942-CVE-2025-39955-f36b@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025100942-CVE-2025-39955-f36b@gregkh/T"
}
],
"release_date": "2025-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: tcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect()"
},
{
"cve": "CVE-2025-40186",
"cwe": {
"id": "CWE-826",
"name": "Premature Release of Resource During Expected Lifetime"
},
"discovery_date": "2025-11-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414724"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Don\u0027t call reqsk_fastopen_remove() in tcp_conn_request().\n\nsyzbot reported the splat below in tcp_conn_request(). [0]\n\nIf a listener is close()d while a TFO socket is being processed in\ntcp_conn_request(), inet_csk_reqsk_queue_add() does not set reqsk-\u003esk\nand calls inet_child_forget(), which calls tcp_disconnect() for the\nTFO socket.\n\nAfter the cited commit, tcp_disconnect() calls reqsk_fastopen_remove(),\nwhere reqsk_put() is called due to !reqsk-\u003esk.\n\nThen, reqsk_fastopen_remove() in tcp_conn_request() decrements the\nlast req-\u003ersk_refcnt and frees reqsk, and __reqsk_free() at the\ndrop_and_free label causes the refcount underflow for the listener\nand double-free of the reqsk.\n\nLet\u0027s remove reqsk_fastopen_remove() in tcp_conn_request().\n\nNote that other callers make sure tp-\u003efastopen_rsk is not NULL.\n\n[0]:\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 12 PID: 5563 at lib/refcount.c:28 refcount_warn_saturate (lib/refcount.c:28)\nModules linked in:\nCPU: 12 UID: 0 PID: 5563 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\nRIP: 0010:refcount_warn_saturate (lib/refcount.c:28)\nCode: ab e8 8e b4 98 ff 0f 0b c3 cc cc cc cc cc 80 3d a4 e4 d6 01 00 75 9c c6 05 9b e4 d6 01 01 48 c7 c7 e8 df fb ab e8 6a b4 98 ff \u003c0f\u003e 0b e9 03 5b 76 00 cc 80 3d 7d e4 d6 01 00 0f 85 74 ff ff ff c6\nRSP: 0018:ffffa79fc0304a98 EFLAGS: 00010246\nRAX: d83af4db1c6b3900 RBX: ffff9f65c7a69020 RCX: d83af4db1c6b3900\nRDX: 0000000000000000 RSI: 00000000ffff7fff RDI: ffffffffac78a280\nRBP: 000000009d781b60 R08: 0000000000007fff R09: ffffffffac6ca280\nR10: 0000000000017ffd R11: 0000000000000004 R12: ffff9f65c7b4f100\nR13: ffff9f65c7d23c00 R14: ffff9f65c7d26000 R15: ffff9f65c7a64ef8\nFS: 00007f9f962176c0(0000) GS:ffff9f65fcf00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000200000000180 CR3: 000000000dbbe006 CR4: 0000000000372ef0\nCall Trace:\n \u003cIRQ\u003e\n tcp_conn_request (./include/linux/refcount.h:400 ./include/linux/refcount.h:432 ./include/linux/refcount.h:450 ./include/net/sock.h:1965 ./include/net/request_sock.h:131 net/ipv4/tcp_input.c:7301)\n tcp_rcv_state_process (net/ipv4/tcp_input.c:6708)\n tcp_v6_do_rcv (net/ipv6/tcp_ipv6.c:1670)\n tcp_v6_rcv (net/ipv6/tcp_ipv6.c:1906)\n ip6_protocol_deliver_rcu (net/ipv6/ip6_input.c:438)\n ip6_input (net/ipv6/ip6_input.c:500)\n ipv6_rcv (net/ipv6/ip6_input.c:311)\n __netif_receive_skb (net/core/dev.c:6104)\n process_backlog (net/core/dev.c:6456)\n __napi_poll (net/core/dev.c:7506)\n net_rx_action (net/core/dev.c:7569 net/core/dev.c:7696)\n handle_softirqs (kernel/softirq.c:579)\n do_softirq (kernel/softirq.c:480)\n \u003c/IRQ\u003e",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: Privilege escalation or Denial of Service via TCP Fast Open vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40186"
},
{
"category": "external",
"summary": "RHBZ#2414724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414724"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40186"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025111244-CVE-2025-40186-b204@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025111244-CVE-2025-40186-b204@gregkh/T"
}
],
"release_date": "2025-11-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-17T07:48:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
],
"restart_required": {
"category": "machine"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23445"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:bpftool-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:bpftool-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.src",
"BaseOS-8.2.0.Z.AUS:kernel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-abi-whitelists-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-core-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debug-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-debuginfo-common-x86_64-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-devel-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-doc-0:4.18.0-193.178.1.el8_2.noarch",
"BaseOS-8.2.0.Z.AUS:kernel-modules-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-modules-extra-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:kernel-tools-libs-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-0:4.18.0-193.178.1.el8_2.x86_64",
"BaseOS-8.2.0.Z.AUS:python3-perf-debuginfo-0:4.18.0-193.178.1.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: Linux kernel: Privilege escalation or Denial of Service via TCP Fast Open vulnerability"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…