RHSA-2026:2583
Vulnerability from csaf_redhat - Published: 2026-02-11 17:48 - Updated: 2026-02-12 06:51Summary
Red Hat Security Advisory: kernel-rt security update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem (CVE-2025-38022)
* kernel: smb: client: Fix use-after-free in cifs_fill_dirent (CVE-2025-38051)
* kernel: Bluetooth: hci_event: call disconnect callback before deleting conn (CVE-2023-53673)
* kernel: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (CVE-2025-40096)
* kernel: mptcp: fix race condition in mptcp_schedule_work() (CVE-2025-40258)
* kernel: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251)
* kernel: Linux kernel: Out-of-bounds write in fbdev can lead to privilege escalation, information disclosure, or denial of service. (CVE-2025-40304)
* kernel: Linux kernel: Information disclosure and denial of service via out-of-bounds read in font glyph handling (CVE-2025-40322)
* kernel: drm/i915: Fix NULL ptr deref by checking new_crtc_state (CVE-2023-53833)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: RDMA/core: Fix \"KASAN: slab-use-after-free Read in ib_register_device\" problem (CVE-2025-38022)\n\n* kernel: smb: client: Fix use-after-free in cifs_fill_dirent (CVE-2025-38051)\n\n* kernel: Bluetooth: hci_event: call disconnect callback before deleting conn (CVE-2023-53673)\n\n* kernel: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (CVE-2025-40096)\n\n* kernel: mptcp: fix race condition in mptcp_schedule_work() (CVE-2025-40258)\n\n* kernel: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251)\n\n* kernel: Linux kernel: Out-of-bounds write in fbdev can lead to privilege escalation, information disclosure, or denial of service. (CVE-2025-40304)\n\n* kernel: Linux kernel: Information disclosure and denial of service via out-of-bounds read in font glyph handling (CVE-2025-40322)\n\n* kernel: drm/i915: Fix NULL ptr deref by checking new_crtc_state (CVE-2023-53833)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2583",
"url": "https://access.redhat.com/errata/RHSA-2026:2583"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2373326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373326"
},
{
"category": "external",
"summary": "2373329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373329"
},
{
"category": "external",
"summary": "2402193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402193"
},
{
"category": "external",
"summary": "2407333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407333"
},
{
"category": "external",
"summary": "2418876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418876"
},
{
"category": "external",
"summary": "2418892",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418892"
},
{
"category": "external",
"summary": "2419870",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419870"
},
{
"category": "external",
"summary": "2419902",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419902"
},
{
"category": "external",
"summary": "2420366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420366"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2583.json"
}
],
"title": "Red Hat Security Advisory: kernel-rt security update",
"tracking": {
"current_release_date": "2026-02-12T06:51:08+00:00",
"generator": {
"date": "2026-02-12T06:51:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2583",
"initial_release_date": "2026-02-11T17:48:23+00:00",
"revision_history": [
{
"date": "2026-02-11T17:48:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-11T17:48:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-12T06:51:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::realtime"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::nfv"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"product": {
"name": "kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"product_id": "kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@5.14.0-284.156.1.rt14.441.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product": {
"name": "kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_id": "kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@5.14.0-284.156.1.rt14.441.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product": {
"name": "kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_id": "kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-core@5.14.0-284.156.1.rt14.441.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_id": "kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@5.14.0-284.156.1.rt14.441.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_id": "kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-core@5.14.0-284.156.1.rt14.441.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_id": "kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@5.14.0-284.156.1.rt14.441.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_id": "kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules@5.14.0-284.156.1.rt14.441.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_id": "kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules-core@5.14.0-284.156.1.rt14.441.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_id": "kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@5.14.0-284.156.1.rt14.441.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product": {
"name": "kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_id": "kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@5.14.0-284.156.1.rt14.441.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product": {
"name": "kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_id": "kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules@5.14.0-284.156.1.rt14.441.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product": {
"name": "kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_id": "kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules-core@5.14.0-284.156.1.rt14.441.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product": {
"name": "kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_id": "kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules-extra@5.14.0-284.156.1.rt14.441.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_id": "kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@5.14.0-284.156.1.rt14.441.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product": {
"name": "kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_id": "kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@5.14.0-284.156.1.rt14.441.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@5.14.0-284.156.1.rt14.441.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product": {
"name": "kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_id": "kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@5.14.0-284.156.1.rt14.441.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product": {
"name": "kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_id": "kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-kvm@5.14.0-284.156.1.rt14.441.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src"
},
"product_reference": "kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"product_id": "NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "NFV-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src"
},
"product_reference": "kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"product_id": "RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
},
"product_reference": "kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"relates_to_product_reference": "RT-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-53673",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-10-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402193"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: call disconnect callback before deleting conn\n\nIn hci_cs_disconnect, we do hci_conn_del even if disconnection failed.\n\nISO, L2CAP and SCO connections refer to the hci_conn without\nhci_conn_get, so disconn_cfm must be called so they can clean up their\nconn, otherwise use-after-free occurs.\n\nISO:\n==========================================================\niso_sock_connect:880: sk 00000000eabd6557\niso_connect_cis:356: 70:1a:b8:98:ff:a2 -\u003e 28:3d:c2:4a:7e:da\n...\niso_conn_add:140: hcon 000000001696f1fd conn 00000000b6251073\nhci_dev_put:1487: hci0 orig refcnt 17\n__iso_chan_add:214: conn 00000000b6251073\niso_sock_clear_timer:117: sock 00000000eabd6557 state 3\n...\nhci_rx_work:4085: hci0 Event packet\nhci_event_packet:7601: hci0: event 0x0f\nhci_cmd_status_evt:4346: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3107: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon 000000001696f1fd handle 2560\nhci_conn_unlink:1102: hci0: hcon 000000001696f1fd\nhci_conn_drop:1451: hcon 00000000d8521aaf orig refcnt 2\nhci_chan_list_flush:2780: hcon 000000001696f1fd\nhci_dev_put:1487: hci0 orig refcnt 21\nhci_dev_put:1487: hci0 orig refcnt 20\nhci_req_cmd_complete:3978: opcode 0x0406 status 0x0c\n... \u003cno iso_* activity on sk/conn\u003e ...\niso_sock_sendmsg:1098: sock 00000000dea5e2e0, sk 00000000eabd6557\nBUG: kernel NULL pointer dereference, address: 0000000000000668\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP PTI\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nRIP: 0010:iso_sock_sendmsg (net/bluetooth/iso.c:1112) bluetooth\n==========================================================\n\nL2CAP:\n==================================================================\nhci_cmd_status_evt:4359: hci0: opcode 0x0406\nhci_cs_disconnect:2760: hci0: status 0x0c\nhci_sent_cmd_data:3085: hci0 opcode 0x0406\nhci_conn_del:1151: hci0 hcon ffff88800c999000 handle 3585\nhci_conn_unlink:1102: hci0: hcon ffff88800c999000\nhci_chan_list_flush:2780: hcon ffff88800c999000\nhci_chan_del:2761: hci0 hcon ffff88800c999000 chan ffff888018ddd280\n...\nBUG: KASAN: slab-use-after-free in hci_send_acl+0x2d/0x540 [bluetooth]\nRead of size 8 at addr ffff888018ddd298 by task bluetoothd/1175\n\nCPU: 0 PID: 1175 Comm: bluetoothd Tainted: G E 6.4.0-rc4+ #2\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-1.fc38 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5b/0x90\n print_report+0xcf/0x670\n ? __virt_addr_valid+0xf8/0x180\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n kasan_report+0xa8/0xe0\n ? hci_send_acl+0x2d/0x540 [bluetooth]\n hci_send_acl+0x2d/0x540 [bluetooth]\n ? __pfx___lock_acquire+0x10/0x10\n l2cap_chan_send+0x1fd/0x1300 [bluetooth]\n ? l2cap_sock_sendmsg+0xf2/0x170 [bluetooth]\n ? __pfx_l2cap_chan_send+0x10/0x10 [bluetooth]\n ? lock_release+0x1d5/0x3c0\n ? mark_held_locks+0x1a/0x90\n l2cap_sock_sendmsg+0x100/0x170 [bluetooth]\n sock_write_iter+0x275/0x280\n ? __pfx_sock_write_iter+0x10/0x10\n ? __pfx___lock_acquire+0x10/0x10\n do_iter_readv_writev+0x176/0x220\n ? __pfx_do_iter_readv_writev+0x10/0x10\n ? find_held_lock+0x83/0xa0\n ? selinux_file_permission+0x13e/0x210\n do_iter_write+0xda/0x340\n vfs_writev+0x1b4/0x400\n ? __pfx_vfs_writev+0x10/0x10\n ? __seccomp_filter+0x112/0x750\n ? populate_seccomp_data+0x182/0x220\n ? __fget_light+0xdf/0x100\n ? do_writev+0x19d/0x210\n do_writev+0x19d/0x210\n ? __pfx_do_writev+0x10/0x10\n ? mark_held_locks+0x1a/0x90\n do_syscall_64+0x60/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n ? do_syscall_64+0x6c/0x90\n ? lockdep_hardirqs_on_prepare+0x149/0x210\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7ff45cb23e64\nCode: 15 d1 1f 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b8 0f 1f 00 f3 0f 1e fa 80 3d 9d a7 0d 00 00 74 13 b8 14 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 89 54 24 1c 48 89\nRSP: 002b:00007fff21ae09b8 EFLAGS: 00000202 ORIG_RAX: 0000000000000014\nRAX: ffffffffffffffda RBX: \n---truncated---",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Bluetooth: hci_event: call disconnect callback before deleting conn",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been fixed in RHEL versions 9.4 and later.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-53673"
},
{
"category": "external",
"summary": "RHBZ#2402193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402193"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-53673",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-53673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53673"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025100706-CVE-2023-53673-36b9@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025100706-CVE-2023-53673-36b9@gregkh/T"
}
],
"release_date": "2025-10-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T17:48:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Bluetooth: hci_event: call disconnect callback before deleting conn"
},
{
"cve": "CVE-2023-53833",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2025-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2420366"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference vulnerability was found in the Intel i915 graphics driver in the Linux kernel. The intel_atomic_get_new_crtc_state() function can return NULL if the CRTC state was not previously obtained via intel_atomic_get_crtc_state(), but the return value was not checked before use. This leads to a kernel crash when display mode changes are performed under certain conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: drm/i915: Fix NULL ptr deref by checking new_crtc_state",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a NULL pointer dereference in the Intel i915 graphics driver that can cause a kernel crash during display configuration changes. The vulnerability requires local access and affects systems with Intel integrated graphics.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-53833"
},
{
"category": "external",
"summary": "RHBZ#2420366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-53833",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53833"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-53833",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-53833"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025120954-CVE-2023-53833-09d9@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025120954-CVE-2023-53833-09d9@gregkh/T"
}
],
"release_date": "2025-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T17:48:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2583"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent the i915 module from being loaded. See https://access.redhat.com/solutions/41278 for instructions on how to blacklist a kernel module. Note that this will disable Intel integrated graphics.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: drm/i915: Fix NULL ptr deref by checking new_crtc_state"
},
{
"cve": "CVE-2025-38022",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-06-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373326"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/core: Fix \"KASAN: slab-use-after-free Read in ib_register_device\" problem\n\nCall Trace:\n\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:408 [inline]\n print_report+0xc3/0x670 mm/kasan/report.c:521\n kasan_report+0xe0/0x110 mm/kasan/report.c:634\n strlen+0x93/0xa0 lib/string.c:420\n __fortify_strlen include/linux/fortify-string.h:268 [inline]\n get_kobj_path_length lib/kobject.c:118 [inline]\n kobject_get_path+0x3f/0x2a0 lib/kobject.c:158\n kobject_uevent_env+0x289/0x1870 lib/kobject_uevent.c:545\n ib_register_device drivers/infiniband/core/device.c:1472 [inline]\n ib_register_device+0x8cf/0xe00 drivers/infiniband/core/device.c:1393\n rxe_register_device+0x275/0x320 drivers/infiniband/sw/rxe/rxe_verbs.c:1552\n rxe_net_add+0x8e/0xe0 drivers/infiniband/sw/rxe/rxe_net.c:550\n rxe_newlink+0x70/0x190 drivers/infiniband/sw/rxe/rxe.c:225\n nldev_newlink+0x3a3/0x680 drivers/infiniband/core/nldev.c:1796\n rdma_nl_rcv_msg+0x387/0x6e0 drivers/infiniband/core/netlink.c:195\n rdma_nl_rcv_skb.constprop.0.isra.0+0x2e5/0x450\n netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\n netlink_unicast+0x53a/0x7f0 net/netlink/af_netlink.c:1339\n netlink_sendmsg+0x8d1/0xdd0 net/netlink/af_netlink.c:1883\n sock_sendmsg_nosec net/socket.c:712 [inline]\n __sock_sendmsg net/socket.c:727 [inline]\n ____sys_sendmsg+0xa95/0xc70 net/socket.c:2566\n ___sys_sendmsg+0x134/0x1d0 net/socket.c:2620\n __sys_sendmsg+0x16d/0x220 net/socket.c:2652\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThis problem is similar to the problem that the\ncommit 1d6a9e7449e2 (\"RDMA/core: Fix use-after-free when rename device name\")\nfixes.\n\nThe root cause is: the function ib_device_rename() renames the name with\nlock. But in the function kobject_uevent(), this name is accessed without\nlock protection at the same time.\n\nThe solution is to add the lock protection when this name is accessed in\nthe function kobject_uevent().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: RDMA/core: Fix \"KASAN: slab-use-after-free Read in ib_register_device\" problem",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38022"
},
{
"category": "external",
"summary": "RHBZ#2373326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38022",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38022"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025061846-CVE-2025-38022-41b3@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025061846-CVE-2025-38022-41b3@gregkh/T"
}
],
"release_date": "2025-06-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T17:48:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: RDMA/core: Fix \"KASAN: slab-use-after-free Read in ib_register_device\" problem"
},
{
"cve": "CVE-2025-38051",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-06-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373329"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Fix use-after-free in cifs_fill_dirent\n\nThere is a race condition in the readdir concurrency process, which may\naccess the rsp buffer after it has been released, triggering the\nfollowing KASAN warning.\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in cifs_fill_dirent+0xb03/0xb60 [cifs]\n Read of size 4 at addr ffff8880099b819c by task a.out/342975\n\n CPU: 2 UID: 0 PID: 342975 Comm: a.out Not tainted 6.15.0-rc6+ #240 PREEMPT(full)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x53/0x70\n print_report+0xce/0x640\n kasan_report+0xb8/0xf0\n cifs_fill_dirent+0xb03/0xb60 [cifs]\n cifs_readdir+0x12cb/0x3190 [cifs]\n iterate_dir+0x1a1/0x520\n __x64_sys_getdents+0x134/0x220\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f996f64b9f9\n Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89\n f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01\n f0 ff ff 0d f7 c3 0c 00 f7 d8 64 89 8\n RSP: 002b:00007f996f53de78 EFLAGS: 00000207 ORIG_RAX: 000000000000004e\n RAX: ffffffffffffffda RBX: 00007f996f53ecdc RCX: 00007f996f64b9f9\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\n RBP: 00007f996f53dea0 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000207 R12: ffffffffffffff88\n R13: 0000000000000000 R14: 00007ffc8cd9a500 R15: 00007f996f51e000\n \u003c/TASK\u003e\n\n Allocated by task 408:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n __kasan_slab_alloc+0x6e/0x70\n kmem_cache_alloc_noprof+0x117/0x3d0\n mempool_alloc_noprof+0xf2/0x2c0\n cifs_buf_get+0x36/0x80 [cifs]\n allocate_buffers+0x1d2/0x330 [cifs]\n cifs_demultiplex_thread+0x22b/0x2690 [cifs]\n kthread+0x394/0x720\n ret_from_fork+0x34/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Freed by task 342979:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x37/0x50\n kmem_cache_free+0x2b8/0x500\n cifs_buf_release+0x3c/0x70 [cifs]\n cifs_readdir+0x1c97/0x3190 [cifs]\n iterate_dir+0x1a1/0x520\n __x64_sys_getdents64+0x134/0x220\n do_syscall_64+0x4b/0x110\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n The buggy address belongs to the object at ffff8880099b8000\n which belongs to the cache cifs_request of size 16588\n The buggy address is located 412 bytes inside of\n freed 16588-byte region [ffff8880099b8000, ffff8880099bc0cc)\n\n The buggy address belongs to the physical page:\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x99b8\n head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\n anon flags: 0x80000000000040(head|node=0|zone=1)\n page_type: f5(slab)\n raw: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\n raw: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\n head: 0080000000000040 ffff888001e03400 0000000000000000 dead000000000001\n head: 0000000000000000 0000000000010001 00000000f5000000 0000000000000000\n head: 0080000000000003 ffffea0000266e01 00000000ffffffff 00000000ffffffff\n head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff8880099b8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8880099b8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n \u003effff8880099b8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff8880099b8200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff8880099b8280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ==================================================================\n\nPOC is available in the link [1].\n\nThe problem triggering process is as follows:\n\nProcess 1 Process 2\n-----------------------------------\n---truncated---",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: smb: client: Fix use-after-free in cifs_fill_dirent",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38051"
},
{
"category": "external",
"summary": "RHBZ#2373329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373329"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38051",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38051"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38051",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38051"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025061831-CVE-2025-38051-77da@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025061831-CVE-2025-38051-77da@gregkh/T"
}
],
"release_date": "2025-06-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T17:48:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2583"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: smb: client: Fix use-after-free in cifs_fill_dirent"
},
{
"cve": "CVE-2025-40096",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"discovery_date": "2025-10-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407333"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies\n\nWhen adding dependencies with drm_sched_job_add_dependency(), that\nfunction consumes the fence reference both on success and failure, so in\nthe latter case the dma_fence_put() on the error path (xarray failed to\nexpand) is a double free.\n\nInterestingly this bug appears to have been present ever since\ncommit ebd5f74255b9 (\"drm/sched: Add dependency tracking\"), since the code\nback then looked like this:\n\ndrm_sched_job_add_implicit_dependencies():\n...\n for (i = 0; i \u003c fence_count; i++) {\n ret = drm_sched_job_add_dependency(job, fences[i]);\n if (ret)\n break;\n }\n\n for (; i \u003c fence_count; i++)\n dma_fence_put(fences[i]);\n\nWhich means for the failing \u0027i\u0027 the dma_fence_put was already a double\nfree. Possibly there were no users at that time, or the test cases were\ninsufficient to hit it.\n\nThe bug was then only noticed and fixed after\ncommit 9c2ba265352a (\"drm/scheduler: use new iterator in drm_sched_job_add_implicit_dependencies v2\")\nlanded, with its fixup of\ncommit 4eaf02d6076c (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies\").\n\nAt that point it was a slightly different flavour of a double free, which\ncommit 963d0b356935 (\"drm/scheduler: fix drm_sched_job_add_implicit_dependencies harder\")\nnoticed and attempted to fix.\n\nBut it only moved the double free from happening inside the\ndrm_sched_job_add_dependency(), when releasing the reference not yet\nobtained, to the caller, when releasing the reference already released by\nthe former in the failure case.\n\nAs such it is not easy to identify the right target for the fixes tag so\nlets keep it simple and just continue the chain.\n\nWhile fixing we also improve the comment and explain the reason for taking\nthe reference and not dropping it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40096"
},
{
"category": "external",
"summary": "RHBZ#2407333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40096"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40096",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40096"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025103016-CVE-2025-40096-09cc@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025103016-CVE-2025-40096-09cc@gregkh/T"
}
],
"release_date": "2025-10-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T17:48:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2583"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies"
},
{
"cve": "CVE-2025-40251",
"cwe": {
"id": "CWE-911",
"name": "Improper Update of Reference Count"
},
"discovery_date": "2025-12-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418892"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevlink: rate: Unset parent pointer in devl_rate_nodes_destroy\n\nThe function devl_rate_nodes_destroy is documented to \"Unset parent for\nall rate objects\". However, it was only calling the driver-specific\n`rate_leaf_parent_set` or `rate_node_parent_set` ops and decrementing\nthe parent\u0027s refcount, without actually setting the\n`devlink_rate-\u003eparent` pointer to NULL.\n\nThis leaves a dangling pointer in the `devlink_rate` struct, which cause\nrefcount error in netdevsim[1] and mlx5[2]. In addition, this is\ninconsistent with the behavior of `devlink_nl_rate_parent_node_set`,\nwhere the parent pointer is correctly cleared.\n\nThis patch fixes the issue by explicitly setting `devlink_rate-\u003eparent`\nto NULL after notifying the driver, thus fulfilling the function\u0027s\ndocumented behavior for all rate objects.\n\n[1]\nrepro steps:\necho 1 \u003e /sys/bus/netdevsim/new_device\ndevlink dev eswitch set netdevsim/netdevsim1 mode switchdev\necho 1 \u003e /sys/bus/netdevsim/devices/netdevsim1/sriov_numvfs\ndevlink port function rate add netdevsim/netdevsim1/test_node\ndevlink port function rate set netdevsim/netdevsim1/128 parent test_node\necho 1 \u003e /sys/bus/netdevsim/del_device\n\ndmesg:\nrefcount_t: decrement hit 0; leaking memory.\nWARNING: CPU: 8 PID: 1530 at lib/refcount.c:31 refcount_warn_saturate+0x42/0xe0\nCPU: 8 UID: 0 PID: 1530 Comm: bash Not tainted 6.18.0-rc4+ #1 NONE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:refcount_warn_saturate+0x42/0xe0\nCall Trace:\n \u003cTASK\u003e\n devl_rate_leaf_destroy+0x8d/0x90\n __nsim_dev_port_del+0x6c/0x70 [netdevsim]\n nsim_dev_reload_destroy+0x11c/0x140 [netdevsim]\n nsim_drv_remove+0x2b/0xb0 [netdevsim]\n device_release_driver_internal+0x194/0x1f0\n bus_remove_device+0xc6/0x130\n device_del+0x159/0x3c0\n device_unregister+0x1a/0x60\n del_device_store+0x111/0x170 [netdevsim]\n kernfs_fop_write_iter+0x12e/0x1e0\n vfs_write+0x215/0x3d0\n ksys_write+0x5f/0xd0\n do_syscall_64+0x55/0x10f0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n[2]\ndevlink dev eswitch set pci/0000:08:00.0 mode switchdev\ndevlink port add pci/0000:08:00.0 flavour pcisf pfnum 0 sfnum 1000\ndevlink port function rate add pci/0000:08:00.0/group1\ndevlink port function rate set pci/0000:08:00.0/32768 parent group1\nmodprobe -r mlx5_ib mlx5_fwctl mlx5_core\n\ndmesg:\nrefcount_t: decrement hit 0; leaking memory.\nWARNING: CPU: 7 PID: 16151 at lib/refcount.c:31 refcount_warn_saturate+0x42/0xe0\nCPU: 7 UID: 0 PID: 16151 Comm: bash Not tainted 6.17.0-rc7_for_upstream_min_debug_2025_10_02_12_44 #1 NONE\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014\nRIP: 0010:refcount_warn_saturate+0x42/0xe0\nCall Trace:\n \u003cTASK\u003e\n devl_rate_leaf_destroy+0x8d/0x90\n mlx5_esw_offloads_devlink_port_unregister+0x33/0x60 [mlx5_core]\n mlx5_esw_offloads_unload_rep+0x3f/0x50 [mlx5_core]\n mlx5_eswitch_unload_sf_vport+0x40/0x90 [mlx5_core]\n mlx5_sf_esw_event+0xc4/0x120 [mlx5_core]\n notifier_call_chain+0x33/0xa0\n blocking_notifier_call_chain+0x3b/0x50\n mlx5_eswitch_disable_locked+0x50/0x110 [mlx5_core]\n mlx5_eswitch_disable+0x63/0x90 [mlx5_core]\n mlx5_unload+0x1d/0x170 [mlx5_core]\n mlx5_uninit_one+0xa2/0x130 [mlx5_core]\n remove_one+0x78/0xd0 [mlx5_core]\n pci_device_remove+0x39/0xa0\n device_release_driver_internal+0x194/0x1f0\n unbind_store+0x99/0xa0\n kernfs_fop_write_iter+0x12e/0x1e0\n vfs_write+0x215/0x3d0\n ksys_write+0x5f/0xd0\n do_syscall_64+0x53/0x1f0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40251"
},
{
"category": "external",
"summary": "RHBZ#2418892",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418892"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40251"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025120431-CVE-2025-40251-7db7@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025120431-CVE-2025-40251-7db7@gregkh/T"
}
],
"release_date": "2025-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T17:48:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2583"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy"
},
{
"cve": "CVE-2025-40258",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2025-12-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418876"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race condition in mptcp_schedule_work()\n\nsyzbot reported use-after-free in mptcp_schedule_work() [1]\n\nIssue here is that mptcp_schedule_work() schedules a work,\nthen gets a refcount on sk-\u003esk_refcnt if the work was scheduled.\nThis refcount will be released by mptcp_worker().\n\n[A] if (schedule_work(...)) {\n[B] sock_hold(sk);\n return true;\n }\n\nProblem is that mptcp_worker() can run immediately and complete before [B]\n\nWe need instead :\n\n sock_hold(sk);\n if (schedule_work(...))\n return true;\n sock_put(sk);\n\n[1]\nrefcount_t: addition on 0; use-after-free.\n WARNING: CPU: 1 PID: 29 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:25\nCall Trace:\n \u003cTASK\u003e\n __refcount_add include/linux/refcount.h:-1 [inline]\n __refcount_inc include/linux/refcount.h:366 [inline]\n refcount_inc include/linux/refcount.h:383 [inline]\n sock_hold include/net/sock.h:816 [inline]\n mptcp_schedule_work+0x164/0x1a0 net/mptcp/protocol.c:943\n mptcp_tout_timer+0x21/0xa0 net/mptcp/protocol.c:2316\n call_timer_fn+0x17e/0x5f0 kernel/time/timer.c:1747\n expire_timers kernel/time/timer.c:1798 [inline]\n __run_timers kernel/time/timer.c:2372 [inline]\n __run_timer_base+0x648/0x970 kernel/time/timer.c:2384\n run_timer_base kernel/time/timer.c:2393 [inline]\n run_timer_softirq+0xb7/0x180 kernel/time/timer.c:2403\n handle_softirqs+0x22f/0x710 kernel/softirq.c:622\n __do_softirq kernel/softirq.c:656 [inline]\n run_ktimerd+0xcf/0x190 kernel/softirq.c:1138\n smpboot_thread_fn+0x542/0xa60 kernel/smpboot.c:160\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: mptcp: fix race condition in mptcp_schedule_work()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "By default, the MPTCP support is disabled in RHEL. This bug is only applicable if enabled.\nThe MPTCP disabled by default (in Red Hat Enterprise Linux or Fedora). Particular this CVE looks higher severity, because could lead to privileges escalation potentially. The MPTCP is networking protocol (so if enabled by root, then potentially could be triggered). The protocol alive and being used in some scenarios, but known to be not safe enough to be enabled by default (need to use it with care taking in mind CVEs like this). There is one more similar previous CVE (one or two weeks ago) that is also MPTCP, but less danger that is CVE-2024-53122",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40258"
},
{
"category": "external",
"summary": "RHBZ#2418876",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418876"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40258"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40258",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40258"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025120433-CVE-2025-40258-d10d@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025120433-CVE-2025-40258-d10d@gregkh/T"
}
],
"release_date": "2025-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T17:48:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2583"
},
{
"category": "workaround",
"details": "If enabled, you may disable MPTCP support. For more information please read https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/configuring_and_managing_networking/getting-started-with-multipath-tcp_configuring-and-managing-networking#preparing-rhel-to-enable-mptcp-support_getting-started-with-multipath-tcp",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: mptcp: fix race condition in mptcp_schedule_work()"
},
{
"cve": "CVE-2025-40304",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-12-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419870"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds\n\nAdd bounds checking to prevent writes past framebuffer boundaries when\nrendering text near screen edges. Return early if the Y position is off-screen\nand clip image height to screen boundary. Break from the rendering loop if the\nX position is off-screen. When clipping image width to fit the screen, update\nthe character count to match the clipped width to prevent buffer size\nmismatches.\n\nWithout the character count update, bit_putcs_aligned and bit_putcs_unaligned\nreceive mismatched parameters where the buffer is allocated for the clipped\nwidth but cnt reflects the original larger count, causing out-of-bounds writes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: Out-of-bounds write in fbdev can lead to privilege escalation, information disclosure, or denial of service.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40304"
},
{
"category": "external",
"summary": "RHBZ#2419870",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419870"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40304"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40304"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025120820-CVE-2025-40304-47b3@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025120820-CVE-2025-40304-47b3@gregkh/T"
}
],
"release_date": "2025-12-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T17:48:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2583"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Linux kernel: Out-of-bounds write in fbdev can lead to privilege escalation, information disclosure, or denial of service."
},
{
"cve": "CVE-2025-40322",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-12-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419902"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: bitblit: bound-check glyph index in bit_putcs*\n\nbit_putcs_aligned()/unaligned() derived the glyph pointer from the\ncharacter value masked by 0xff/0x1ff, which may exceed the actual font\u0027s\nglyph count and read past the end of the built-in font array.\nClamp the index to the actual glyph count before computing the address.\n\nThis fixes a global out-of-bounds read reported by syzbot.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: Information disclosure and denial of service via out-of-bounds read in font glyph handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40322"
},
{
"category": "external",
"summary": "RHBZ#2419902",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419902"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40322",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40322"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025120823-CVE-2025-40322-6355@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025120823-CVE-2025-40322-6355@gregkh/T"
}
],
"release_date": "2025-12-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T17:48:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2583"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent the `fbdev` kernel module from loading if it is not required for system operation. Create a file named `/etc/modprobe.d/disable-fbdev.conf` with the following content:\n\n```\ninstall fbdev /bin/true\nblacklist fbdev\n```\n\nAfter creating the file, regenerate the initramfs using `dracut -f -v` and reboot the system for the changes to take effect. This mitigation may impact systems that rely on `fbdev` for console display or specific graphics hardware, requiring careful evaluation before implementation.",
"product_ids": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"NFV-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"NFV-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.src",
"RT-9.2.0.Z.E4S:kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-devel-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-kvm-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-core-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64",
"RT-9.2.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-284.156.1.rt14.441.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Linux kernel: Information disclosure and denial of service via out-of-bounds read in font glyph handling"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…