RHSA-2025:23960
Vulnerability from csaf_redhat - Published: 2025-12-22 17:04 - Updated: 2025-12-23 00:02Summary
Red Hat Security Advisory: kernel-rt security update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: ALSA: usb-audio: Validate UAC3 power domain descriptors, too (CVE-2025-38729)
* kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors (CVE-2025-39757)
* kernel: mm: fix zswap writeback race condition (CVE-2023-53178)
* kernel: Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp (CVE-2023-53297)
* kernel: scsi: qla2xxx: Wait for io return on terminate rport (CVE-2023-53322)
* kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-50367)
* kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails (CVE-2022-50356)
* kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values (CVE-2022-50403)
* kernel: NFSD: Protect against send buffer overflow in NFSv2 READ (CVE-2022-50410)
* kernel: iomap: iomap: fix memory corruption when recording errors during writeback (CVE-2022-50406)
* kernel: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (CVE-2025-39955)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: ALSA: usb-audio: Validate UAC3 power domain descriptors, too (CVE-2025-38729)\n\n* kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors (CVE-2025-39757)\n\n* kernel: mm: fix zswap writeback race condition (CVE-2023-53178)\n\n* kernel: Bluetooth: L2CAP: fix \"bad unlock balance\" in l2cap_disconnect_rsp (CVE-2023-53297)\n\n* kernel: scsi: qla2xxx: Wait for io return on terminate rport (CVE-2023-53322)\n\n* kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-50367)\n\n* kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails (CVE-2022-50356)\n\n* kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values (CVE-2022-50403)\n\n* kernel: NFSD: Protect against send buffer overflow in NFSv2 READ (CVE-2022-50410)\n\n* kernel: iomap: iomap: fix memory corruption when recording errors during writeback (CVE-2022-50406)\n\n* kernel: tcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect() (CVE-2025-39955)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:23960",
"url": "https://access.redhat.com/errata/RHSA-2025:23960"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2393164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393164"
},
{
"category": "external",
"summary": "2394615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394615"
},
{
"category": "external",
"summary": "2395358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395358"
},
{
"category": "external",
"summary": "2395681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395681"
},
{
"category": "external",
"summary": "2395891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395891"
},
{
"category": "external",
"summary": "2396114",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396114"
},
{
"category": "external",
"summary": "2396152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396152"
},
{
"category": "external",
"summary": "2396494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396494"
},
{
"category": "external",
"summary": "2396536",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396536"
},
{
"category": "external",
"summary": "2396538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396538"
},
{
"category": "external",
"summary": "2402699",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402699"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_23960.json"
}
],
"title": "Red Hat Security Advisory: kernel-rt security update",
"tracking": {
"current_release_date": "2025-12-23T00:02:31+00:00",
"generator": {
"date": "2025-12-23T00:02:31+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2025:23960",
"initial_release_date": "2025-12-22T17:04:29+00:00",
"revision_history": [
{
"date": "2025-12-22T17:04:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-12-22T17:04:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-23T00:02:31+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product": {
"name": "Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras_rt_els:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"product": {
"name": "kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"product_id": "kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@3.10.0-1160.144.1.rt56.1296.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product": {
"name": "kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product_id": "kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@3.10.0-1160.144.1.rt56.1296.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product": {
"name": "kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product_id": "kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-1160.144.1.rt56.1296.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product": {
"name": "kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product_id": "kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-1160.144.1.rt56.1296.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product": {
"name": "kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product_id": "kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-1160.144.1.rt56.1296.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product": {
"name": "kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product_id": "kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-1160.144.1.rt56.1296.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product": {
"name": "kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product_id": "kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-1160.144.1.rt56.1296.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product_id": "kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-1160.144.1.rt56.1296.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product": {
"name": "kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product_id": "kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-1160.144.1.rt56.1296.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-1160.144.1.rt56.1296.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product": {
"name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product_id": "kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-1160.144.1.rt56.1296.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"product": {
"name": "kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"product_id": "kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-1160.144.1.rt56.1296.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src"
},
"product_reference": "kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
},
"product_reference": "kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
},
"product_reference": "kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
},
"product_reference": "kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch"
},
"product_reference": "kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
},
"product_reference": "kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
},
"product_reference": "kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
},
"product_reference": "kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-50356",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2025-09-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396152"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: sfb: fix null pointer access issue when sfb_init() fails\n\nWhen the default qdisc is sfb, if the qdisc of dev_queue fails to be\ninited during mqprio_init(), sfb_reset() is invoked to clear resources.\nIn this case, the q-\u003eqdisc is NULL, and it will cause gpf issue.\n\nThe process is as follows:\nqdisc_create_dflt()\n\tsfb_init()\n\t\ttcf_block_get() ---\u003efailed, q-\u003eqdisc is NULL\n\t...\n\tqdisc_put()\n\t\t...\n\t\tsfb_reset()\n\t\t\tqdisc_reset(q-\u003eqdisc) ---\u003eq-\u003eqdisc is NULL\n\t\t\t\tops = qdisc-\u003eops\n\nThe following is the Call Trace information:\ngeneral protection fault, probably for non-canonical address\n0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\nRIP: 0010:qdisc_reset+0x2b/0x6f0\nCall Trace:\n\u003cTASK\u003e\nsfb_reset+0x37/0xd0\nqdisc_reset+0xed/0x6f0\nqdisc_destroy+0x82/0x4c0\nqdisc_put+0x9e/0xb0\nqdisc_create_dflt+0x2c3/0x4a0\nmqprio_init+0xa71/0x1760\nqdisc_create+0x3eb/0x1000\ntc_modify_qdisc+0x408/0x1720\nrtnetlink_rcv_msg+0x38e/0xac0\nnetlink_rcv_skb+0x12d/0x3a0\nnetlink_unicast+0x4a2/0x740\nnetlink_sendmsg+0x826/0xcc0\nsock_sendmsg+0xc5/0x100\n____sys_sendmsg+0x583/0x690\n___sys_sendmsg+0xe8/0x160\n__sys_sendmsg+0xbf/0x160\ndo_syscall_64+0x35/0x80\nentry_SYSCALL_64_after_hwframe+0x46/0xb0\nRIP: 0033:0x7f2164122d04\n\u003c/TASK\u003e",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-50356"
},
{
"category": "external",
"summary": "RHBZ#2396152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-50356",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50356"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-50356",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50356"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091714-CVE-2022-50356-fe76@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091714-CVE-2022-50356-fe76@gregkh/T"
}
],
"release_date": "2025-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-22T17:04:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23960"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails"
},
{
"cve": "CVE-2022-50367",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-09-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396114"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs: fix UAF/GPF bug in nilfs_mdt_destroy\n\nIn alloc_inode, inode_init_always() could return -ENOMEM if\nsecurity_inode_alloc() fails, which causes inode-\u003ei_private\nuninitialized. Then nilfs_is_metadata_file_inode() returns\ntrue and nilfs_free_inode() wrongly calls nilfs_mdt_destroy(),\nwhich frees the uninitialized inode-\u003ei_private\nand leads to crashes(e.g., UAF/GPF).\n\nFix this by moving security_inode_alloc just prior to\nthis_cpu_inc(nr_inodes)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This patch fixes a use-after-free/GPF bug in the NILFS2 metadata handling. When security_inode_alloc() failed, an uninitialized inode-\u003ei_private pointer could later be freed by nilfs_mdt_destroy(), leading to memory corruption or crashes.\nYou can reproduce this issue on systems using NILFS, because the crash path involves nilfs_mdt_destroy() freeing inode-\u003ei_private when security_inode_alloc() fails. On other filesystems the same cleanup path does not run, so accidental freeing of that uninitialized field is far less likely.\nConsequently, systems not using NILFS are at much lower risk unless they have other code that similarly frees inode-\u003ei_private.\nFor the all versions of the Red Hat Enterprise Linux the config param CONFIG_NILFS2_FS disabled, so with the known scenario of attack it is not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-50367"
},
{
"category": "external",
"summary": "RHBZ#2396114",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396114"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-50367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50367"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-50367",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50367"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091716-CVE-2022-50367-651c@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091716-CVE-2022-50367-651c@gregkh/T"
}
],
"release_date": "2025-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-22T17:04:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23960"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy"
},
{
"cve": "CVE-2022-50403",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2025-09-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396494"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was identified in the Linux kernel\u0027s ext4 filesystem implementation due to a flaw in how it processes filesystem metadata. An attacker with local privileges could create a malicious ext4 filesystem image to trigger this issue. When the system attempts to mount this malicious image, the kernel performs an incorrect calculation. This action results in unpredictable system behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-50403"
},
{
"category": "external",
"summary": "RHBZ#2396494",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396494"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-50403",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50403"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-50403",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50403"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091852-CVE-2022-50403-0471@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091852-CVE-2022-50403-0471@gregkh/T"
}
],
"release_date": "2025-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-22T17:04:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values"
},
{
"cve": "CVE-2022-50406",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2025-09-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396538"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: iomap: fix memory corruption when recording errors during writeback\n\nEvery now and then I see this crash on arm64:\n\nUnable to handle kernel NULL pointer dereference at virtual address 00000000000000f8\nBuffer I/O error on dev dm-0, logical block 8733687, async page read\nMem abort info:\n ESR = 0x0000000096000006\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x06: level 2 translation fault\nData abort info:\n ISV = 0, ISS = 0x00000006\n CM = 0, WnR = 0\nuser pgtable: 64k pages, 42-bit VAs, pgdp=0000000139750000\n[00000000000000f8] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000, pmd=0000000000000000\nInternal error: Oops: 96000006 [#1] PREEMPT SMP\nBuffer I/O error on dev dm-0, logical block 8733688, async page read\nDumping ftrace buffer:\nBuffer I/O error on dev dm-0, logical block 8733689, async page read\n (ftrace buffer empty)\nXFS (dm-0): log I/O error -5\nModules linked in: dm_thin_pool dm_persistent_data\nXFS (dm-0): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x1ec/0x590 [xfs] (fs/xfs/xfs_trans_buf.c:296).\n dm_bio_prison\nXFS (dm-0): Please unmount the filesystem and rectify the problem(s)\nXFS (dm-0): xfs_imap_lookup: xfs_ialloc_read_agi() returned error -5, agno 0\n dm_bufio dm_log_writes xfs nft_chain_nat xt_REDIRECT nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6t_REJECT\npotentially unexpected fatal signal 6.\n nf_reject_ipv6\npotentially unexpected fatal signal 6.\n ipt_REJECT nf_reject_ipv4\nCPU: 1 PID: 122166 Comm: fsstress Tainted: G W 6.0.0-rc5-djwa #rc5 3004c9f1de887ebae86015f2677638ce51ee7\n rpcsec_gss_krb5 auth_rpcgss xt_tcpudp ip_set_hash_ip ip_set_hash_net xt_set nft_compat ip_set_hash_mac ip_set nf_tables\nHardware name: QEMU KVM Virtual Machine, BIOS 1.5.1 06/16/2021\npstate: 60001000 (nZCv daif -PAN -UAO -TCO -DIT +SSBS BTYPE=--)\n ip_tables\npc : 000003fd6d7df200\n x_tables\nlr : 000003fd6d7df1ec\n overlay nfsv4\nCPU: 0 PID: 54031 Comm: u4:3 Tainted: G W 6.0.0-rc5-djwa #rc5 3004c9f1de887ebae86015f2677638ce51ee7405\nHardware name: QEMU KVM Virtual Machine, BIOS 1.5.1 06/16/2021\nWorkqueue: writeback wb_workfn\nsp : 000003ffd9522fd0\n (flush-253:0)\npstate: 60401005 (nZCv daif +PAN -UAO -TCO -DIT +SSBS BTYPE=--)\npc : errseq_set+0x1c/0x100\nx29: 000003ffd9522fd0 x28: 0000000000000023 x27: 000002acefeb6780\nx26: 0000000000000005 x25: 0000000000000001 x24: 0000000000000000\nx23: 00000000ffffffff x22: 0000000000000005\nlr : __filemap_set_wb_err+0x24/0xe0\n x21: 0000000000000006\nsp : fffffe000f80f760\nx29: fffffe000f80f760 x28: 0000000000000003 x27: fffffe000f80f9f8\nx26: 0000000002523000 x25: 00000000fffffffb x24: fffffe000f80f868\nx23: fffffe000f80fbb0 x22: fffffc0180c26a78 x21: 0000000002530000\nx20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000000\n\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000001 x13: 0000000000470af3 x12: fffffc0058f70000\nx11: 0000000000000040 x10: 0000000000001b20 x9 : fffffe000836b288\nx8 : fffffc00eb9fd480 x7 : 0000000000f83659 x6 : 0000000000000000\nx5 : 0000000000000869 x4 : 0000000000000005 x3 : 00000000000000f8\nx20: 000003fd6d740020 x19: 000000000001dd36 x18: 0000000000000001\nx17: 000003fd6d78704c x16: 0000000000000001 x15: 000002acfac87668\nx2 : 0000000000000ffa x1 : 00000000fffffffb x0 : 00000000000000f8\nCall trace:\n errseq_set+0x1c/0x100\n __filemap_set_wb_err+0x24/0xe0\n iomap_do_writepage+0x5e4/0xd5c\n write_cache_pages+0x208/0x674\n iomap_writepages+0x34/0x60\n xfs_vm_writepages+0x8c/0xcc [xfs 7a861f39c43631f15d3a5884246ba5035d4ca78b]\nx14: 0000000000000000 x13: 2064656e72757465 x12: 0000000000002180\nx11: 000003fd6d8a82d0 x10: 0000000000000000 x9 : 000003fd6d8ae288\nx8 : 0000000000000083 x7 : 00000000ffffffff x6 : 00000000ffffffee\nx5 : 00000000fbad2887 x4 : 000003fd6d9abb58 x3 : 000003fd6d740020\nx2 : 0000000000000006 x1 : 000000000001dd36 x0 : 0000000000000000\nCPU: \n---truncated---",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: iomap: iomap: fix memory corruption when recording errors during writeback",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-50406"
},
{
"category": "external",
"summary": "RHBZ#2396538",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396538"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-50406",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50406"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-50406",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50406"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/3d5f3ba1ac28059bdf7000cae2403e4e984308d2",
"url": "https://git.kernel.org/stable/c/3d5f3ba1ac28059bdf7000cae2403e4e984308d2"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/7308591d9c7787aec58f6a01a7823f14e90db7a2",
"url": "https://git.kernel.org/stable/c/7308591d9c7787aec58f6a01a7823f14e90db7a2"
},
{
"category": "external",
"summary": "https://git.kernel.org/stable/c/82c66c46f73b88be74c869e2cbfef45281adf3c6",
"url": "https://git.kernel.org/stable/c/82c66c46f73b88be74c869e2cbfef45281adf3c6"
}
],
"release_date": "2025-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-22T17:04:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: iomap: iomap: fix memory corruption when recording errors during writeback"
},
{
"cve": "CVE-2022-50410",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-09-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396536"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Protect against send buffer overflow in NFSv2 READ\n\nSince before the git era, NFSD has conserved the number of pages\nheld by each nfsd thread by combining the RPC receive and send\nbuffers into a single array of pages. This works because there are\nno cases where an operation needs a large RPC Call message and a\nlarge RPC Reply at the same time.\n\nOnce an RPC Call has been received, svc_process() updates\nsvc_rqst::rq_res to describe the part of rq_pages that can be\nused for constructing the Reply. This means that the send buffer\n(rq_res) shrinks when the received RPC record containing the RPC\nCall is large.\n\nA client can force this shrinkage on TCP by sending a correctly-\nformed RPC Call header contained in an RPC record that is\nexcessively large. The full maximum payload size cannot be\nconstructed in that case.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: NFSD: Protect against send buffer overflow in NFSv2 READ",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A logic flaw in the NFSv2 server implementation could allow a remote NFS client to trigger a send-buffer overflow by sending a valid but excessively large RPC Call header, resulting in an oversized READ request exceeding the available response buffer. Successful exploitation could lead to memory corruption and potential denial of service (kernel crash).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-50410"
},
{
"category": "external",
"summary": "RHBZ#2396536",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396536"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-50410",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50410"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-50410",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50410"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091853-CVE-2022-50410-edee@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091853-CVE-2022-50410-edee@gregkh/T"
}
],
"release_date": "2025-09-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-22T17:04:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: NFSD: Protect against send buffer overflow in NFSv2 READ"
},
{
"cve": "CVE-2023-53178",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2025-09-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395358"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: fix zswap writeback race condition\n\nThe zswap writeback mechanism can cause a race condition resulting in\nmemory corruption, where a swapped out page gets swapped in with data that\nwas written to a different page.\n\nThe race unfolds like this:\n1. a page with data A and swap offset X is stored in zswap\n2. page A is removed off the LRU by zpool driver for writeback in\n zswap-shrink work, data for A is mapped by zpool driver\n3. user space program faults and invalidates page entry A, offset X is\n considered free\n4. kswapd stores page B at offset X in zswap (zswap could also be\n full, if so, page B would then be IOed to X, then skip step 5.)\n5. entry A is replaced by B in tree-\u003erbroot, this doesn\u0027t affect the\n local reference held by zswap-shrink work\n6. zswap-shrink work writes back A at X, and frees zswap entry A\n7. swapin of slot X brings A in memory instead of B\n\nThe fix:\nOnce the swap page cache has been allocated (case ZSWAP_SWAPCACHE_NEW),\nzswap-shrink work just checks that the local zswap_entry reference is\nstill the same as the one in the tree. If it\u0027s not the same it means that\nit\u0027s either been invalidated or replaced, in both cases the writeback is\naborted because the local entry contains stale data.\n\nReproducer:\nI originally found this by running `stress` overnight to validate my work\non the zswap writeback mechanism, it manifested after hours on my test\nmachine. The key to make it happen is having zswap writebacks, so\nwhatever setup pumps /sys/kernel/debug/zswap/written_back_pages should do\nthe trick.\n\nIn order to reproduce this faster on a vm, I setup a system with ~100M of\navailable memory and a 500M swap file, then running `stress --vm 1\n--vm-bytes 300000000 --vm-stride 4000` makes it happen in matter of tens\nof minutes. One can speed things up even more by swinging\n/sys/module/zswap/parameters/max_pool_percent up and down between, say, 20\nand 1; this makes it reproduce in tens of seconds. It\u0027s crucial to set\n`--vm-stride` to something other than 4096 otherwise `stress` won\u0027t\nrealize that memory has been corrupted because all pages would have the\nsame data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: mm: fix zswap writeback race condition",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is a race condition in the zswap writeback path that can lead to memory corruption when a swap slot is reused while a writeback is still in progress.\nA local unprivileged user can potentially trigger this issue by applying heavy memory pressure and causing frequent zswap evictions.\nWhile exploitation for data leakage or privilege escalation is unlikely, the flaw can result in data integrity issues or system instability under specific conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-53178"
},
{
"category": "external",
"summary": "RHBZ#2395358",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395358"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-53178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53178"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-53178",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53178"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091555-CVE-2023-53178-9d27@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091555-CVE-2023-53178-9d27@gregkh/T"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-22T17:04:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: mm: fix zswap writeback race condition"
},
{
"cve": "CVE-2023-53297",
"cwe": {
"id": "CWE-832",
"name": "Unlock of a Resource that is not Locked"
},
"discovery_date": "2025-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395681"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: fix \"bad unlock balance\" in l2cap_disconnect_rsp\n\nconn-\u003echan_lock isn\u0027t acquired before l2cap_get_chan_by_scid,\nif l2cap_get_chan_by_scid returns NULL, then \u0027bad unlock balance\u0027\nis triggered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Bluetooth: L2CAP: fix \"bad unlock balance\" in l2cap_disconnect_rsp",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-53297"
},
{
"category": "external",
"summary": "RHBZ#2395681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-53297",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53297"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-53297",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53297"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091627-CVE-2023-53297-8746@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091627-CVE-2023-53297-8746@gregkh/T"
}
],
"release_date": "2025-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-22T17:04:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Bluetooth: L2CAP: fix \"bad unlock balance\" in l2cap_disconnect_rsp"
},
{
"cve": "CVE-2023-53322",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395891"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Wait for io return on terminate rport\n\nSystem crash due to use after free.\nCurrent code allows terminate_rport_io to exit before making\nsure all IOs has returned. For FCP-2 device, IO\u0027s can hang\non in HW because driver has not tear down the session in FW at\nfirst sign of cable pull. When dev_loss_tmo timer pops,\nterminate_rport_io is called and upper layer is about to\nfree various resources. Terminate_rport_io trigger qla to do\nthe final cleanup, but the cleanup might not be fast enough where it\nleave qla still holding on to the same resource.\n\nWait for IO\u0027s to return to upper layer before resources are freed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: scsi: qla2xxx: Wait for io return on terminate rport",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-53322"
},
{
"category": "external",
"summary": "RHBZ#2395891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-53322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-53322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53322"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091644-CVE-2023-53322-45ba@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091644-CVE-2023-53322-45ba@gregkh/T"
}
],
"release_date": "2025-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-22T17:04:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23960"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: scsi: qla2xxx: Wait for io return on terminate rport"
},
{
"cve": "CVE-2025-38729",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2393164"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Validate UAC3 power domain descriptors, too\n\nUAC3 power domain descriptors need to be verified with its variable\nbLength for avoiding the unexpected OOB accesses by malicious\nfirmware, too.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: ALSA: usb-audio: Validate UAC3 power domain descriptors, too",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A malicious or malformed USB Audio Class 3.0 device could provide a power-domain descriptor with an invalid bLength, leading the usb-audio parser to read past the end of the buffer. The fix adds explicit length checks for UAC3 power domain descriptors to prevent OOB access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38729"
},
{
"category": "external",
"summary": "RHBZ#2393164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2393164"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38729"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025090403-CVE-2025-38729-ca88@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025090403-CVE-2025-38729-ca88@gregkh/T"
}
],
"release_date": "2025-09-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-22T17:04:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23960"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: ALSA: usb-audio: Validate UAC3 power domain descriptors, too"
},
{
"cve": "CVE-2025-39757",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2394615"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Validate UAC3 cluster segment descriptors\n\nUAC3 class segment descriptors need to be verified whether their sizes\nmatch with the declared lengths and whether they fit with the\nallocated buffer sizes, too. Otherwise malicious firmware may lead to\nthe unexpected OOB accesses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-39757"
},
{
"category": "external",
"summary": "RHBZ#2394615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-39757",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39757"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-39757",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39757"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091144-CVE-2025-39757-e212@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091144-CVE-2025-39757-e212@gregkh/T"
}
],
"release_date": "2025-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-22T17:04:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors"
},
{
"cve": "CVE-2025-39955",
"cwe": {
"id": "CWE-213",
"name": "Exposure of Sensitive Information Due to Incompatible Policies"
},
"discovery_date": "2025-10-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402699"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect().\n\nsyzbot reported the splat below where a socket had tcp_sk(sk)-\u003efastopen_rsk\nin the TCP_ESTABLISHED state. [0]\n\nsyzbot reused the server-side TCP Fast Open socket as a new client before\nthe TFO socket completes 3WHS:\n\n 1. accept()\n 2. connect(AF_UNSPEC)\n 3. connect() to another destination\n\nAs of accept(), sk-\u003esk_state is TCP_SYN_RECV, and tcp_disconnect() changes\nit to TCP_CLOSE and makes connect() possible, which restarts timers.\n\nSince tcp_disconnect() forgot to clear tcp_sk(sk)-\u003efastopen_rsk, the\nretransmit timer triggered the warning and the intended packet was not\nretransmitted.\n\nLet\u0027s call reqsk_fastopen_remove() in tcp_disconnect().\n\n[0]:\nWARNING: CPU: 2 PID: 0 at net/ipv4/tcp_timer.c:542 tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nModules linked in:\nCPU: 2 UID: 0 PID: 0 Comm: swapper/2 Not tainted 6.17.0-rc5-g201825fb4278 #62 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\nRIP: 0010:tcp_retransmit_timer (net/ipv4/tcp_timer.c:542 (discriminator 7))\nCode: 41 55 41 54 55 53 48 8b af b8 08 00 00 48 89 fb 48 85 ed 0f 84 55 01 00 00 0f b6 47 12 3c 03 74 0c 0f b6 47 12 3c 04 74 04 90 \u003c0f\u003e 0b 90 48 8b 85 c0 00 00 00 48 89 ef 48 8b 40 30 e8 6a 4f 06 3e\nRSP: 0018:ffffc900002f8d40 EFLAGS: 00010293\nRAX: 0000000000000002 RBX: ffff888106911400 RCX: 0000000000000017\nRDX: 0000000002517619 RSI: ffffffff83764080 RDI: ffff888106911400\nRBP: ffff888106d5c000 R08: 0000000000000001 R09: ffffc900002f8de8\nR10: 00000000000000c2 R11: ffffc900002f8ff8 R12: ffff888106911540\nR13: ffff888106911480 R14: ffff888106911840 R15: ffffc900002f8de0\nFS: 0000000000000000(0000) GS:ffff88907b768000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8044d69d90 CR3: 0000000002c30003 CR4: 0000000000370ef0\nCall Trace:\n \u003cIRQ\u003e\n tcp_write_timer (net/ipv4/tcp_timer.c:738)\n call_timer_fn (kernel/time/timer.c:1747)\n __run_timers (kernel/time/timer.c:1799 kernel/time/timer.c:2372)\n timer_expire_remote (kernel/time/timer.c:2385 kernel/time/timer.c:2376 kernel/time/timer.c:2135)\n tmigr_handle_remote_up (kernel/time/timer_migration.c:944 kernel/time/timer_migration.c:1035)\n __walk_groups.isra.0 (kernel/time/timer_migration.c:533 (discriminator 1))\n tmigr_handle_remote (kernel/time/timer_migration.c:1096)\n handle_softirqs (./arch/x86/include/asm/jump_label.h:36 ./include/trace/events/irq.h:142 kernel/softirq.c:580)\n irq_exit_rcu (kernel/softirq.c:614 kernel/softirq.c:453 kernel/softirq.c:680 kernel/softirq.c:696)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1050 (discriminator 35) arch/x86/kernel/apic/apic.c:1050 (discriminator 35))\n \u003c/IRQ\u003e",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: tcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "tcp_disconnect() failed to clear tcp_sk(sk)-\u003efastopen_rsk when reusing a TFO socket (e.g., after accept() \u2192 connect(AF_UNSPEC) \u2192 connect() sequence).\nThis left a stale reference, allowing the retransmit timer to access a freed request_sock, triggering a kernel warning or potential UAF.\nTriggering requires local access and the ability to create and manipulate TCP Fast Open sockets (often through privileged or test contexts).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-39955"
},
{
"category": "external",
"summary": "RHBZ#2402699",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402699"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-39955",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39955"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-39955",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39955"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025100942-CVE-2025-39955-f36b@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025100942-CVE-2025-39955-f36b@gregkh/T"
}
],
"release_date": "2025-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-12-22T17:04:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:23960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.144.1.rt56.1296.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.144.1.rt56.1296.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: tcp: Clear tcp_sk(sk)-\u003efastopen_rsk in tcp_disconnect()"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…