Vulnerability-Lookup

RHSA-2026:0443

Vulnerability from csaf_redhat - Published: 2026-01-12 02:42 - Updated: 2026-03-18 03:14

Summary

Red Hat Security Advisory: kernel-rt security update

Notes

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: media: rc: fix races with imon_disconnect() (CVE-2025-39993) * kernel: sctp: avoid NULL dereference when chunk data buffer is missing (CVE-2025-40240) * kernel: libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: media: rc: fix races with imon_disconnect() (CVE-2025-39993)\n\n* kernel: sctp: avoid NULL dereference when chunk data buffer is missing (CVE-2025-40240)\n\n* kernel: libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:0443",
        "url": "https://access.redhat.com/errata/RHSA-2026:0443"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2404121",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404121"
      },
      {
        "category": "external",
        "summary": "2418832",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418832"
      },
      {
        "category": "external",
        "summary": "2422801",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422801"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0443.json"
      }
    ],
    "title": "Red Hat Security Advisory: kernel-rt security update",
    "tracking": {
      "current_release_date": "2026-03-18T03:14:47+00:00",
      "generator": {
        "date": "2026-03-18T03:14:47+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.3"
        }
      },
      "id": "RHSA-2026:0443",
      "initial_release_date": "2026-01-12T02:42:33+00:00",
      "revision_history": [
        {
          "date": "2026-01-12T02:42:33+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-01-12T02:42:33+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-18T03:14:47+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux NFV (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux NFV (v. 8)",
                  "product_id": "NFV-8.10.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux RT (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux RT (v. 8)",
                  "product_id": "RT-8.10.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::realtime"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
                "product": {
                  "name": "kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
                  "product_id": "kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@4.18.0-553.92.1.rt7.433.el8_10?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_id": "kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@4.18.0-553.92.1.rt7.433.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_id": "kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-core@4.18.0-553.92.1.rt7.433.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_id": "kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug@4.18.0-553.92.1.rt7.433.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_id": "kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-core@4.18.0-553.92.1.rt7.433.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_id": "kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@4.18.0-553.92.1.rt7.433.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_id": "kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@4.18.0-553.92.1.rt7.433.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_id": "kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-modules@4.18.0-553.92.1.rt7.433.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_id": "kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@4.18.0-553.92.1.rt7.433.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_id": "kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-devel@4.18.0-553.92.1.rt7.433.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_id": "kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-kvm@4.18.0-553.92.1.rt7.433.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_id": "kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-modules@4.18.0-553.92.1.rt7.433.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_id": "kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-modules-extra@4.18.0-553.92.1.rt7.433.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_id": "kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@4.18.0-553.92.1.rt7.433.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_id": "kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@4.18.0-553.92.1.rt7.433.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_id": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@4.18.0-553.92.1.rt7.433.el8_10?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src"
        },
        "product_reference": "kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
          "product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src"
        },
        "product_reference": "kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
          "product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        },
        "product_reference": "kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
        "relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-39993",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2025-10-15T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2404121"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free flaw exists in the Linux kernel\u2019s media/rc subsystem. When the device is disconnected via imon_disconnect(), the driver may unconditionally release a usb_device reference (via usb_put_dev) even while other operations (such as vfd_write, send_packet, display_open, lcd_write) are still in progress. Because the pointers usbdev_intf0/usbdev_intf1 are not properly protected by a users-counter or locking, this situation can lead to a use-after-free of the usb_device pointer and therefore memory corruption or kernel stability issues",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: media: rc: fix races with imon_disconnect()",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        ],
        "known_not_affected": [
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-39993"
        },
        {
          "category": "external",
          "summary": "RHBZ#2404121",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404121"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-39993",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-39993"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-39993",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39993"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2025101527-CVE-2025-39993-caef@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2025101527-CVE-2025-39993-caef@gregkh/T"
        }
      ],
      "release_date": "2025-10-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-12T02:42:33+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0443"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: media: rc: fix races with imon_disconnect()"
    },
    {
      "cve": "CVE-2025-40240",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2025-12-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2418832"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: avoid NULL dereference when chunk data buffer is missing\n\nchunk-\u003eskb pointer is dereferenced in the if-block where it\u0027s supposed\nto be NULL only.\n\nchunk-\u003eskb can only be NULL if chunk-\u003ehead_skb is not. Check for frag_list\ninstead and do it just before replacing chunk-\u003eskb. We\u0027re sure that\notherwise chunk-\u003eskb is non-NULL because of outer if() condition.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: sctp: avoid NULL dereference when chunk data buffer is missing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "A missing data buffer (frag_list) in SCTP chunk processing could trigger a NULL pointer dereference when handling GSO packets.\nA remote attacker sending a malformed SCTP packet could cause a kernel crash (DoS).\nThe system is vulnerable only if CONFIG_IP_SCTP enabled in Kernel configuration (and for the Red Hat Enterprise Linux it is always disabled in older versions and enabled as module in latest versions only). However even if module exists in Red Hat Enterprise Linux, still admin need to specially enable it usage (make some SCTP listening port available) before exploitation would be possible.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-40240"
        },
        {
          "category": "external",
          "summary": "RHBZ#2418832",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418832"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-40240",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40240"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40240",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40240"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2025120403-CVE-2025-40240-745a@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2025120403-CVE-2025-40240-745a@gregkh/T"
        }
      ],
      "release_date": "2025-12-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-12T02:42:33+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0443"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, prevent module sctp from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
          "product_ids": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: sctp: avoid NULL dereference when chunk data buffer is missing"
    },
    {
      "cve": "CVE-2025-68285",
      "cwe": {
        "id": "CWE-825",
        "name": "Expired Pointer Dereference"
      },
      "discovery_date": "2025-12-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2422801"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free vulnerability was found in the Ceph client session initialization in the Linux kernel. The have_mon_and_osd_map() function checks map epochs without holding the appropriate locks, racing with concurrent map updates that free the old map. This can result in dereferencing freed memory during CephFS or RBD mount operations.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This race condition occurs during Ceph client session establishment. Exploitation is timing-dependent and requires concurrent map updates during mount, making practical exploitation difficult but not impossible.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
          "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-68285"
        },
        {
          "category": "external",
          "summary": "RHBZ#2422801",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422801"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-68285",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-68285"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68285",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68285"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2025121638-CVE-2025-68285-8339@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2025121638-CVE-2025-68285-8339@gregkh/T"
        }
      ],
      "release_date": "2025-12-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-12T02:42:33+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0443"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.src",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64",
            "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.92.1.rt7.433.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()"
    }
  ]
}

CVE-2025-39993 (GCVE-0-2025-39993)

Vulnerability from cvelistv5 – Published: 2025-10-15 07:58 – Updated: 2025-12-01 06:16

Title

media: rc: fix races with imon_disconnect()

Summary

In the Linux kernel, the following vulnerability has been resolved: media: rc: fix races with imon_disconnect() Syzbot reports a KASAN issue as below: BUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline] BUG: KASAN: use-after-free in send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627 Read of size 4 at addr ffff8880256fb000 by task syz-executor314/4465 CPU: 2 PID: 4465 Comm: syz-executor314 Not tainted 6.0.0-rc1-syzkaller #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:317 [inline] print_report.cold+0x2ba/0x6e9 mm/kasan/report.c:433 kasan_report+0xb1/0x1e0 mm/kasan/report.c:495 __create_pipe include/linux/usb.h:1945 [inline] send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627 vfd_write+0x2d9/0x550 drivers/media/rc/imon.c:991 vfs_write+0x2d7/0xdd0 fs/read_write.c:576 ksys_write+0x127/0x250 fs/read_write.c:631 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd The iMON driver improperly releases the usb_device reference in imon_disconnect without coordinating with active users of the device. Specifically, the fields usbdev_intf0 and usbdev_intf1 are not protected by the users counter (ictx->users). During probe, imon_init_intf0 or imon_init_intf1 increments the usb_device reference count depending on the interface. However, during disconnect, usb_put_dev is called unconditionally, regardless of actual usage. As a result, if vfd_write or other operations are still in progress after disconnect, this can lead to a use-after-free of the usb_device pointer. Thread 1 vfd_write Thread 2 imon_disconnect ... if usb_put_dev(ictx->usbdev_intf0) else usb_put_dev(ictx->usbdev_intf1) ... while send_packet if pipe = usb_sndintpipe( ictx->usbdev_intf0) UAF else pipe = usb_sndctrlpipe( ictx->usbdev_intf0, 0) UAF Guard access to usbdev_intf0 and usbdev_intf1 after disconnect by checking ictx->disconnected in all writer paths. Add early return with -ENODEV in send_packet(), vfd_write(), lcd_write() and display_open() if the device is no longer present. Set and read ictx->disconnected under ictx->lock to ensure memory synchronization. Acquire the lock in imon_disconnect() before setting the flag to synchronize with any ongoing operations. Ensure writers exit early and safely after disconnect before the USB core proceeds with cleanup. Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9348976003e39754a…
	https://git.kernel.org/stable/c/b03fac6e2a38331fa…
	https://git.kernel.org/stable/c/71c52b073922d05e7…
	https://git.kernel.org/stable/c/71096a6161a25e84a…
	https://git.kernel.org/stable/c/71da40648741d15b3…
	https://git.kernel.org/stable/c/fd5d3e6b149ec8cce…
	https://git.kernel.org/stable/c/d9f6ce99624a41c3b…
	https://git.kernel.org/stable/c/2e7fd93b9cc565b83…
	https://git.kernel.org/stable/c/fa0f61cc1d828178a…

Impacted products

Vendor

Product

Version

Linux

Affected: 21677cfc562a27e099719d413287bc8d1d24deb7 , < 9348976003e39754af344949579e824a0a210fc4 (git)
Affected: 21677cfc562a27e099719d413287bc8d1d24deb7 , < b03fac6e2a38331faf8510b480becfa90cea1c9f (git)
Affected: 21677cfc562a27e099719d413287bc8d1d24deb7 , < 71c52b073922d05e79e6de7fc7f5f38f927929a4 (git)
Affected: 21677cfc562a27e099719d413287bc8d1d24deb7 , < 71096a6161a25e84acddb89a9d77f138502d26ab (git)
Affected: 21677cfc562a27e099719d413287bc8d1d24deb7 , < 71da40648741d15b302700b68973fe8b382aef3c (git)
Affected: 21677cfc562a27e099719d413287bc8d1d24deb7 , < fd5d3e6b149ec8cce045d86a2b5e3664d6b32ba5 (git)
Affected: 21677cfc562a27e099719d413287bc8d1d24deb7 , < d9f6ce99624a41c3bcb29a8d7d79b800665229dd (git)
Affected: 21677cfc562a27e099719d413287bc8d1d24deb7 , < 2e7fd93b9cc565b839bc55a6662475718963e156 (git)
Affected: 21677cfc562a27e099719d413287bc8d1d24deb7 , < fa0f61cc1d828178aa921475a9b786e7fbb65ccb (git)

Linux

Affected: 2.6.35
Unaffected: 0 , < 2.6.35 (semver)
Unaffected: 5.4.301 , ≤ 5.4.* (semver)
Unaffected: 5.10.246 , ≤ 5.10.* (semver)
Unaffected: 5.15.195 , ≤ 5.15.* (semver)
Unaffected: 6.1.156 , ≤ 6.1.* (semver)
Unaffected: 6.6.110 , ≤ 6.6.* (semver)
Unaffected: 6.12.51 , ≤ 6.12.* (semver)
Unaffected: 6.16.11 , ≤ 6.16.* (semver)
Unaffected: 6.17.1 , ≤ 6.17.* (semver)
Unaffected: 6.18 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/rc/imon.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9348976003e39754af344949579e824a0a210fc4",
              "status": "affected",
              "version": "21677cfc562a27e099719d413287bc8d1d24deb7",
              "versionType": "git"
            },
            {
              "lessThan": "b03fac6e2a38331faf8510b480becfa90cea1c9f",
              "status": "affected",
              "version": "21677cfc562a27e099719d413287bc8d1d24deb7",
              "versionType": "git"
            },
            {
              "lessThan": "71c52b073922d05e79e6de7fc7f5f38f927929a4",
              "status": "affected",
              "version": "21677cfc562a27e099719d413287bc8d1d24deb7",
              "versionType": "git"
            },
            {
              "lessThan": "71096a6161a25e84acddb89a9d77f138502d26ab",
              "status": "affected",
              "version": "21677cfc562a27e099719d413287bc8d1d24deb7",
              "versionType": "git"
            },
            {
              "lessThan": "71da40648741d15b302700b68973fe8b382aef3c",
              "status": "affected",
              "version": "21677cfc562a27e099719d413287bc8d1d24deb7",
              "versionType": "git"
            },
            {
              "lessThan": "fd5d3e6b149ec8cce045d86a2b5e3664d6b32ba5",
              "status": "affected",
              "version": "21677cfc562a27e099719d413287bc8d1d24deb7",
              "versionType": "git"
            },
            {
              "lessThan": "d9f6ce99624a41c3bcb29a8d7d79b800665229dd",
              "status": "affected",
              "version": "21677cfc562a27e099719d413287bc8d1d24deb7",
              "versionType": "git"
            },
            {
              "lessThan": "2e7fd93b9cc565b839bc55a6662475718963e156",
              "status": "affected",
              "version": "21677cfc562a27e099719d413287bc8d1d24deb7",
              "versionType": "git"
            },
            {
              "lessThan": "fa0f61cc1d828178aa921475a9b786e7fbb65ccb",
              "status": "affected",
              "version": "21677cfc562a27e099719d413287bc8d1d24deb7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/rc/imon.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.35"
            },
            {
              "lessThan": "2.6.35",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.301",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.246",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.195",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.156",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.110",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.301",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.246",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.195",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.156",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.110",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.51",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.11",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.1",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: fix races with imon_disconnect()\n\nSyzbot reports a KASAN issue as below:\nBUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline]\nBUG: KASAN: use-after-free in send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nRead of size 4 at addr ffff8880256fb000 by task syz-executor314/4465\n\nCPU: 2 PID: 4465 Comm: syz-executor314 Not tainted 6.0.0-rc1-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_address_description mm/kasan/report.c:317 [inline]\nprint_report.cold+0x2ba/0x6e9 mm/kasan/report.c:433\nkasan_report+0xb1/0x1e0 mm/kasan/report.c:495\n__create_pipe include/linux/usb.h:1945 [inline]\nsend_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nvfd_write+0x2d9/0x550 drivers/media/rc/imon.c:991\nvfs_write+0x2d7/0xdd0 fs/read_write.c:576\nksys_write+0x127/0x250 fs/read_write.c:631\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe iMON driver improperly releases the usb_device reference in\nimon_disconnect without coordinating with active users of the\ndevice.\n\nSpecifically, the fields usbdev_intf0 and usbdev_intf1 are not\nprotected by the users counter (ictx-\u003eusers). During probe,\nimon_init_intf0 or imon_init_intf1 increments the usb_device\nreference count depending on the interface. However, during\ndisconnect, usb_put_dev is called unconditionally, regardless of\nactual usage.\n\nAs a result, if vfd_write or other operations are still in\nprogress after disconnect, this can lead to a use-after-free of\nthe usb_device pointer.\n\nThread 1 vfd_write                      Thread 2 imon_disconnect\n                                        ...\n                                        if\n                                          usb_put_dev(ictx-\u003eusbdev_intf0)\n                                        else\n                                          usb_put_dev(ictx-\u003eusbdev_intf1)\n...\nwhile\n  send_packet\n    if\n      pipe = usb_sndintpipe(\n        ictx-\u003eusbdev_intf0) UAF\n    else\n      pipe = usb_sndctrlpipe(\n        ictx-\u003eusbdev_intf0, 0) UAF\n\nGuard access to usbdev_intf0 and usbdev_intf1 after disconnect by\nchecking ictx-\u003edisconnected in all writer paths. Add early return\nwith -ENODEV in send_packet(), vfd_write(), lcd_write() and\ndisplay_open() if the device is no longer present.\n\nSet and read ictx-\u003edisconnected under ictx-\u003elock to ensure memory\nsynchronization. Acquire the lock in imon_disconnect() before setting\nthe flag to synchronize with any ongoing operations.\n\nEnsure writers exit early and safely after disconnect before the USB\ncore proceeds with cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-01T06:16:03.732Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9348976003e39754af344949579e824a0a210fc4"
        },
        {
          "url": "https://git.kernel.org/stable/c/b03fac6e2a38331faf8510b480becfa90cea1c9f"
        },
        {
          "url": "https://git.kernel.org/stable/c/71c52b073922d05e79e6de7fc7f5f38f927929a4"
        },
        {
          "url": "https://git.kernel.org/stable/c/71096a6161a25e84acddb89a9d77f138502d26ab"
        },
        {
          "url": "https://git.kernel.org/stable/c/71da40648741d15b302700b68973fe8b382aef3c"
        },
        {
          "url": "https://git.kernel.org/stable/c/fd5d3e6b149ec8cce045d86a2b5e3664d6b32ba5"
        },
        {
          "url": "https://git.kernel.org/stable/c/d9f6ce99624a41c3bcb29a8d7d79b800665229dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e7fd93b9cc565b839bc55a6662475718963e156"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa0f61cc1d828178aa921475a9b786e7fbb65ccb"
        }
      ],
      "title": "media: rc: fix races with imon_disconnect()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-39993",
    "datePublished": "2025-10-15T07:58:18.621Z",
    "dateReserved": "2025-04-16T07:20:57.150Z",
    "dateUpdated": "2025-12-01T06:16:03.732Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-68285 (GCVE-0-2025-68285)

Vulnerability from cvelistv5 – Published: 2025-12-16 15:06 – Updated: 2026-01-02 15:34

Title

libceph: fix potential use-after-free in have_mon_and_osd_map()

Summary

In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in have_mon_and_osd_map() The wait loop in __ceph_open_session() can race with the client receiving a new monmap or osdmap shortly after the initial map is received. Both ceph_monc_handle_map() and handle_one_map() install a new map immediately after freeing the old one kfree(monc->monmap); monc->monmap = monmap; ceph_osdmap_destroy(osdc->osdmap); osdc->osdmap = newmap; under client->monc.mutex and client->osdc.lock respectively, but because neither is taken in have_mon_and_osd_map() it's possible for client->monc.monmap->epoch and client->osdc.osdmap->epoch arms in client->monc.monmap && client->monc.monmap->epoch && client->osdc.osdmap && client->osdc.osdmap->epoch; condition to dereference an already freed map. This happens to be reproducible with generic/395 and generic/397 with KASAN enabled: BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70 Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305 CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266 ... Call Trace: <TASK> have_mon_and_osd_map+0x56/0x70 ceph_open_session+0x182/0x290 ceph_get_tree+0x333/0x680 vfs_get_tree+0x49/0x180 do_new_mount+0x1a3/0x2d0 path_mount+0x6dd/0x730 do_mount+0x99/0xe0 __do_sys_mount+0x141/0x180 do_syscall_64+0x9f/0x100 entry_SYSCALL_64_after_hwframe+0x76/0x7e </TASK> Allocated by task 13305: ceph_osdmap_alloc+0x16/0x130 ceph_osdc_init+0x27a/0x4c0 ceph_create_client+0x153/0x190 create_fs_client+0x50/0x2a0 ceph_get_tree+0xff/0x680 vfs_get_tree+0x49/0x180 do_new_mount+0x1a3/0x2d0 path_mount+0x6dd/0x730 do_mount+0x99/0xe0 __do_sys_mount+0x141/0x180 do_syscall_64+0x9f/0x100 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 9475: kfree+0x212/0x290 handle_one_map+0x23c/0x3b0 ceph_osdc_handle_map+0x3c9/0x590 mon_dispatch+0x655/0x6f0 ceph_con_process_message+0xc3/0xe0 ceph_con_v1_try_read+0x614/0x760 ceph_con_workfn+0x2de/0x650 process_one_work+0x486/0x7c0 process_scheduled_works+0x73/0x90 worker_thread+0x1c8/0x2a0 kthread+0x2ec/0x300 ret_from_fork+0x24/0x40 ret_from_fork_asm+0x1a/0x30 Rewrite the wait loop to check the above condition directly with client->monc.mutex and client->osdc.lock taken as appropriate. While at it, improve the timeout handling (previously mount_timeout could be exceeded in case wait_event_interruptible_timeout() slept more than once) and access client->auth_err under client->monc.mutex to match how it's set in finish_auth(). monmap_show() and osdmap_show() now take the respective lock before accessing the map as well.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/bb4910c5fd436701f…
	https://git.kernel.org/stable/c/05ec43e9a9de67132…
	https://git.kernel.org/stable/c/7c8ccdc1714d9fabe…
	https://git.kernel.org/stable/c/183ad6e3b651e8fb0…
	https://git.kernel.org/stable/c/e08021b3b56b2407f…
	https://git.kernel.org/stable/c/3fc43120b22a3d4f1…
	https://git.kernel.org/stable/c/076381c261374c587…

Impacted products

Vendor

Product

Version

Linux

Affected: 6822d00b5462e7a9dfa11dcc60cc25823a2107c5 , < bb4910c5fd436701faf367e1b5476a5a6d2aff1c (git)
Affected: 6822d00b5462e7a9dfa11dcc60cc25823a2107c5 , < 05ec43e9a9de67132dc8cd3b22afef001574947f (git)
Affected: 6822d00b5462e7a9dfa11dcc60cc25823a2107c5 , < 7c8ccdc1714d9fabecd26e1be7db1771061acc6e (git)
Affected: 6822d00b5462e7a9dfa11dcc60cc25823a2107c5 , < 183ad6e3b651e8fb0b66d6a2678f4b80bfbba092 (git)
Affected: 6822d00b5462e7a9dfa11dcc60cc25823a2107c5 , < e08021b3b56b2407f37b5fe47b654be80cc665fb (git)
Affected: 6822d00b5462e7a9dfa11dcc60cc25823a2107c5 , < 3fc43120b22a3d4f1fbeff56a35ce2105b6a5683 (git)
Affected: 6822d00b5462e7a9dfa11dcc60cc25823a2107c5 , < 076381c261374c587700b3accf410bdd2dba334e (git)

Linux

Affected: 2.6.35
Unaffected: 0 , < 2.6.35 (semver)
Unaffected: 5.10.247 , ≤ 5.10.* (semver)
Unaffected: 5.15.197 , ≤ 5.15.* (semver)
Unaffected: 6.1.159 , ≤ 6.1.* (semver)
Unaffected: 6.6.119 , ≤ 6.6.* (semver)
Unaffected: 6.12.61 , ≤ 6.12.* (semver)
Unaffected: 6.17.11 , ≤ 6.17.* (semver)
Unaffected: 6.18 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ceph/ceph_common.c",
            "net/ceph/debugfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bb4910c5fd436701faf367e1b5476a5a6d2aff1c",
              "status": "affected",
              "version": "6822d00b5462e7a9dfa11dcc60cc25823a2107c5",
              "versionType": "git"
            },
            {
              "lessThan": "05ec43e9a9de67132dc8cd3b22afef001574947f",
              "status": "affected",
              "version": "6822d00b5462e7a9dfa11dcc60cc25823a2107c5",
              "versionType": "git"
            },
            {
              "lessThan": "7c8ccdc1714d9fabecd26e1be7db1771061acc6e",
              "status": "affected",
              "version": "6822d00b5462e7a9dfa11dcc60cc25823a2107c5",
              "versionType": "git"
            },
            {
              "lessThan": "183ad6e3b651e8fb0b66d6a2678f4b80bfbba092",
              "status": "affected",
              "version": "6822d00b5462e7a9dfa11dcc60cc25823a2107c5",
              "versionType": "git"
            },
            {
              "lessThan": "e08021b3b56b2407f37b5fe47b654be80cc665fb",
              "status": "affected",
              "version": "6822d00b5462e7a9dfa11dcc60cc25823a2107c5",
              "versionType": "git"
            },
            {
              "lessThan": "3fc43120b22a3d4f1fbeff56a35ce2105b6a5683",
              "status": "affected",
              "version": "6822d00b5462e7a9dfa11dcc60cc25823a2107c5",
              "versionType": "git"
            },
            {
              "lessThan": "076381c261374c587700b3accf410bdd2dba334e",
              "status": "affected",
              "version": "6822d00b5462e7a9dfa11dcc60cc25823a2107c5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ceph/ceph_common.c",
            "net/ceph/debugfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.35"
            },
            {
              "lessThan": "2.6.35",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.247",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.197",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.61",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.247",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.197",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.159",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.119",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.61",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.11",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: fix potential use-after-free in have_mon_and_osd_map()\n\nThe wait loop in __ceph_open_session() can race with the client\nreceiving a new monmap or osdmap shortly after the initial map is\nreceived.  Both ceph_monc_handle_map() and handle_one_map() install\na new map immediately after freeing the old one\n\n    kfree(monc-\u003emonmap);\n    monc-\u003emonmap = monmap;\n\n    ceph_osdmap_destroy(osdc-\u003eosdmap);\n    osdc-\u003eosdmap = newmap;\n\nunder client-\u003emonc.mutex and client-\u003eosdc.lock respectively, but\nbecause neither is taken in have_mon_and_osd_map() it\u0027s possible for\nclient-\u003emonc.monmap-\u003eepoch and client-\u003eosdc.osdmap-\u003eepoch arms in\n\n    client-\u003emonc.monmap \u0026\u0026 client-\u003emonc.monmap-\u003eepoch \u0026\u0026\n        client-\u003eosdc.osdmap \u0026\u0026 client-\u003eosdc.osdmap-\u003eepoch;\n\ncondition to dereference an already freed map.  This happens to be\nreproducible with generic/395 and generic/397 with KASAN enabled:\n\n    BUG: KASAN: slab-use-after-free in have_mon_and_osd_map+0x56/0x70\n    Read of size 4 at addr ffff88811012d810 by task mount.ceph/13305\n    CPU: 2 UID: 0 PID: 13305 Comm: mount.ceph Not tainted 6.14.0-rc2-build2+ #1266\n    ...\n    Call Trace:\n    \u003cTASK\u003e\n    have_mon_and_osd_map+0x56/0x70\n    ceph_open_session+0x182/0x290\n    ceph_get_tree+0x333/0x680\n    vfs_get_tree+0x49/0x180\n    do_new_mount+0x1a3/0x2d0\n    path_mount+0x6dd/0x730\n    do_mount+0x99/0xe0\n    __do_sys_mount+0x141/0x180\n    do_syscall_64+0x9f/0x100\n    entry_SYSCALL_64_after_hwframe+0x76/0x7e\n    \u003c/TASK\u003e\n\n    Allocated by task 13305:\n    ceph_osdmap_alloc+0x16/0x130\n    ceph_osdc_init+0x27a/0x4c0\n    ceph_create_client+0x153/0x190\n    create_fs_client+0x50/0x2a0\n    ceph_get_tree+0xff/0x680\n    vfs_get_tree+0x49/0x180\n    do_new_mount+0x1a3/0x2d0\n    path_mount+0x6dd/0x730\n    do_mount+0x99/0xe0\n    __do_sys_mount+0x141/0x180\n    do_syscall_64+0x9f/0x100\n    entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n    Freed by task 9475:\n    kfree+0x212/0x290\n    handle_one_map+0x23c/0x3b0\n    ceph_osdc_handle_map+0x3c9/0x590\n    mon_dispatch+0x655/0x6f0\n    ceph_con_process_message+0xc3/0xe0\n    ceph_con_v1_try_read+0x614/0x760\n    ceph_con_workfn+0x2de/0x650\n    process_one_work+0x486/0x7c0\n    process_scheduled_works+0x73/0x90\n    worker_thread+0x1c8/0x2a0\n    kthread+0x2ec/0x300\n    ret_from_fork+0x24/0x40\n    ret_from_fork_asm+0x1a/0x30\n\nRewrite the wait loop to check the above condition directly with\nclient-\u003emonc.mutex and client-\u003eosdc.lock taken as appropriate.  While\nat it, improve the timeout handling (previously mount_timeout could be\nexceeded in case wait_event_interruptible_timeout() slept more than\nonce) and access client-\u003eauth_err under client-\u003emonc.mutex to match\nhow it\u0027s set in finish_auth().\n\nmonmap_show() and osdmap_show() now take the respective lock before\naccessing the map as well."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-02T15:34:50.454Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bb4910c5fd436701faf367e1b5476a5a6d2aff1c"
        },
        {
          "url": "https://git.kernel.org/stable/c/05ec43e9a9de67132dc8cd3b22afef001574947f"
        },
        {
          "url": "https://git.kernel.org/stable/c/7c8ccdc1714d9fabecd26e1be7db1771061acc6e"
        },
        {
          "url": "https://git.kernel.org/stable/c/183ad6e3b651e8fb0b66d6a2678f4b80bfbba092"
        },
        {
          "url": "https://git.kernel.org/stable/c/e08021b3b56b2407f37b5fe47b654be80cc665fb"
        },
        {
          "url": "https://git.kernel.org/stable/c/3fc43120b22a3d4f1fbeff56a35ce2105b6a5683"
        },
        {
          "url": "https://git.kernel.org/stable/c/076381c261374c587700b3accf410bdd2dba334e"
        }
      ],
      "title": "libceph: fix potential use-after-free in have_mon_and_osd_map()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-68285",
    "datePublished": "2025-12-16T15:06:07.078Z",
    "dateReserved": "2025-12-16T14:48:05.292Z",
    "dateUpdated": "2026-01-02T15:34:50.454Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-40240 (GCVE-0-2025-40240)

Vulnerability from cvelistv5 – Published: 2025-12-04 15:31 – Updated: 2025-12-04 15:31

Title

sctp: avoid NULL dereference when chunk data buffer is missing

Summary

In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk->skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk->skb can only be NULL if chunk->head_skb is not. Check for frag_list instead and do it just before replacing chunk->skb. We're sure that otherwise chunk->skb is non-NULL because of outer if() condition.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/61cda2777b07d2745…
	https://git.kernel.org/stable/c/08165c29659707576…
	https://git.kernel.org/stable/c/03e80a4b04ef1fb2c…
	https://git.kernel.org/stable/c/4f6da435fb5d8a21c…
	https://git.kernel.org/stable/c/cb9055ba30306ede4…
	https://git.kernel.org/stable/c/7a832b0f99be19df6…
	https://git.kernel.org/stable/c/89b465b54227c245d…
	https://git.kernel.org/stable/c/441f0647f7673e0e6…

Impacted products

Vendor

Product

Version

Linux

Affected: 90017accff61ae89283ad9a51f9ac46ca01633fb , < 61cda2777b07d27459f5cac5a047c3edf9c8a1a9 (git)
Affected: 90017accff61ae89283ad9a51f9ac46ca01633fb , < 08165c296597075763130919f2aae59b5822f016 (git)
Affected: 90017accff61ae89283ad9a51f9ac46ca01633fb , < 03e80a4b04ef1fb2c61dd63216ab8d3a5dcb196f (git)
Affected: 90017accff61ae89283ad9a51f9ac46ca01633fb , < 4f6da435fb5d8a21cbf8cae5ca5a2ba0e1012b71 (git)
Affected: 90017accff61ae89283ad9a51f9ac46ca01633fb , < cb9055ba30306ede4ad920002233d0659982f1cb (git)
Affected: 90017accff61ae89283ad9a51f9ac46ca01633fb , < 7a832b0f99be19df608cb75c023f8027b1789bd1 (git)
Affected: 90017accff61ae89283ad9a51f9ac46ca01633fb , < 89b465b54227c245ddc7cc9ed822231af21123ef (git)
Affected: 90017accff61ae89283ad9a51f9ac46ca01633fb , < 441f0647f7673e0e64d4910ef61a5fb8f16bfb82 (git)

Linux

Affected: 4.8
Unaffected: 0 , < 4.8 (semver)
Unaffected: 5.4.301 , ≤ 5.4.* (semver)
Unaffected: 5.10.246 , ≤ 5.10.* (semver)
Unaffected: 5.15.196 , ≤ 5.15.* (semver)
Unaffected: 6.1.158 , ≤ 6.1.* (semver)
Unaffected: 6.6.115 , ≤ 6.6.* (semver)
Unaffected: 6.12.56 , ≤ 6.12.* (semver)
Unaffected: 6.17.6 , ≤ 6.17.* (semver)
Unaffected: 6.18 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sctp/inqueue.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "61cda2777b07d27459f5cac5a047c3edf9c8a1a9",
              "status": "affected",
              "version": "90017accff61ae89283ad9a51f9ac46ca01633fb",
              "versionType": "git"
            },
            {
              "lessThan": "08165c296597075763130919f2aae59b5822f016",
              "status": "affected",
              "version": "90017accff61ae89283ad9a51f9ac46ca01633fb",
              "versionType": "git"
            },
            {
              "lessThan": "03e80a4b04ef1fb2c61dd63216ab8d3a5dcb196f",
              "status": "affected",
              "version": "90017accff61ae89283ad9a51f9ac46ca01633fb",
              "versionType": "git"
            },
            {
              "lessThan": "4f6da435fb5d8a21cbf8cae5ca5a2ba0e1012b71",
              "status": "affected",
              "version": "90017accff61ae89283ad9a51f9ac46ca01633fb",
              "versionType": "git"
            },
            {
              "lessThan": "cb9055ba30306ede4ad920002233d0659982f1cb",
              "status": "affected",
              "version": "90017accff61ae89283ad9a51f9ac46ca01633fb",
              "versionType": "git"
            },
            {
              "lessThan": "7a832b0f99be19df608cb75c023f8027b1789bd1",
              "status": "affected",
              "version": "90017accff61ae89283ad9a51f9ac46ca01633fb",
              "versionType": "git"
            },
            {
              "lessThan": "89b465b54227c245ddc7cc9ed822231af21123ef",
              "status": "affected",
              "version": "90017accff61ae89283ad9a51f9ac46ca01633fb",
              "versionType": "git"
            },
            {
              "lessThan": "441f0647f7673e0e64d4910ef61a5fb8f16bfb82",
              "status": "affected",
              "version": "90017accff61ae89283ad9a51f9ac46ca01633fb",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sctp/inqueue.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.8"
            },
            {
              "lessThan": "4.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.301",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.246",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.196",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.115",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.56",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.301",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.246",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.196",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.158",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.115",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.56",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.6",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: avoid NULL dereference when chunk data buffer is missing\n\nchunk-\u003eskb pointer is dereferenced in the if-block where it\u0027s supposed\nto be NULL only.\n\nchunk-\u003eskb can only be NULL if chunk-\u003ehead_skb is not. Check for frag_list\ninstead and do it just before replacing chunk-\u003eskb. We\u0027re sure that\notherwise chunk-\u003eskb is non-NULL because of outer if() condition."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-04T15:31:29.715Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/61cda2777b07d27459f5cac5a047c3edf9c8a1a9"
        },
        {
          "url": "https://git.kernel.org/stable/c/08165c296597075763130919f2aae59b5822f016"
        },
        {
          "url": "https://git.kernel.org/stable/c/03e80a4b04ef1fb2c61dd63216ab8d3a5dcb196f"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f6da435fb5d8a21cbf8cae5ca5a2ba0e1012b71"
        },
        {
          "url": "https://git.kernel.org/stable/c/cb9055ba30306ede4ad920002233d0659982f1cb"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a832b0f99be19df608cb75c023f8027b1789bd1"
        },
        {
          "url": "https://git.kernel.org/stable/c/89b465b54227c245ddc7cc9ed822231af21123ef"
        },
        {
          "url": "https://git.kernel.org/stable/c/441f0647f7673e0e64d4910ef61a5fb8f16bfb82"
        }
      ],
      "title": "sctp: avoid NULL dereference when chunk data buffer is missing",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40240",
    "datePublished": "2025-12-04T15:31:29.715Z",
    "dateReserved": "2025-04-16T07:20:57.181Z",
    "dateUpdated": "2025-12-04T15:31:29.715Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:0443

CVE-2025-39993 (GCVE-0-2025-39993)

CVE-2025-68285 (GCVE-0-2025-68285)

CVE-2025-40240 (GCVE-0-2025-40240)

Tags

Sightings

Nomenclature