RHSA-2026:3634
Vulnerability from csaf_redhat - Published: 2026-03-03 09:54 - Updated: 2026-03-05 03:23
Summary
Red Hat Security Advisory: kernel-rt security update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation (CVE-2025-38415)
* kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion (CVE-2025-38459)
* kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing (CVE-2025-39760)
* kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (CVE-2025-39817)
* kernel: media: rc: fix races with imon_disconnect() (CVE-2025-39993)
* kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service. (CVE-2025-40271)
* kernel: ext4: fix use-after-free in ext4_orphan_cleanup (CVE-2022-50673)
* kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349)
* kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation (CVE-2026-23074)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation (CVE-2025-38415)\n\n* kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion (CVE-2025-38459)\n\n* kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing (CVE-2025-39760)\n\n* kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (CVE-2025-39817)\n\n* kernel: media: rc: fix races with imon_disconnect() (CVE-2025-39993)\n\n* kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service. (CVE-2025-40271)\n\n* kernel: ext4: fix use-after-free in ext4_orphan_cleanup (CVE-2022-50673)\n\n* kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349)\n\n* kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation (CVE-2026-23074)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3634",
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2383404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383404"
},
{
"category": "external",
"summary": "2383487",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383487"
},
{
"category": "external",
"summary": "2394601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394601"
},
{
"category": "external",
"summary": "2395805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395805"
},
{
"category": "external",
"summary": "2404121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404121"
},
{
"category": "external",
"summary": "2419837",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419837"
},
{
"category": "external",
"summary": "2420347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420347"
},
{
"category": "external",
"summary": "2424880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424880"
},
{
"category": "external",
"summary": "2436791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436791"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3634.json"
}
],
"title": "Red Hat Security Advisory: kernel-rt security update",
"tracking": {
"current_release_date": "2026-03-05T03:23:30+00:00",
"generator": {
"date": "2026-03-05T03:23:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.2"
}
},
"id": "RHSA-2026:3634",
"initial_release_date": "2026-03-03T09:54:06+00:00",
"revision_history": [
{
"date": "2026-03-03T09:54:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-03T09:54:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-05T03:23:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product": {
"name": "Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras_rt_els:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"product": {
"name": "kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"product_id": "kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@3.10.0-1160.147.1.rt56.1299.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product": {
"name": "kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_id": "kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@3.10.0-1160.147.1.rt56.1299.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product": {
"name": "kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_id": "kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-1160.147.1.rt56.1299.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product": {
"name": "kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_id": "kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-1160.147.1.rt56.1299.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product": {
"name": "kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_id": "kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-1160.147.1.rt56.1299.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product": {
"name": "kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_id": "kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-1160.147.1.rt56.1299.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product": {
"name": "kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_id": "kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-1160.147.1.rt56.1299.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_id": "kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-1160.147.1.rt56.1299.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product": {
"name": "kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_id": "kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-1160.147.1.rt56.1299.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-1160.147.1.rt56.1299.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product": {
"name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_id": "kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-1160.147.1.rt56.1299.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"product": {
"name": "kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"product_id": "kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-1160.147.1.rt56.1299.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src"
},
"product_reference": "kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
},
"product_reference": "kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
},
"product_reference": "kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
},
"product_reference": "kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch"
},
"product_reference": "kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
},
"product_reference": "kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
},
"product_reference": "kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
},
"product_reference": "kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-50673",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2420347"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the ext4 filesystem\u0027s orphan inode cleanup routine in the Linux kernel. When ext4_inode_attach_jinode() fails with -ENOMEM during orphan cleanup at mount time, the error is not properly propagated. The inode is freed via iput(), but the orphan list still references the same inode number. On the next loop iteration, the freed inode structure is reused, triggering a use-after-free when adding it to the orphan list.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: ext4: fix use-after-free in ext4_orphan_cleanup",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during ext4 filesystem mount when memory allocation fails at a specific point in orphan inode processing. Exploitation requires local access to mount ext4 filesystems and the ability to induce memory pressure during the mount operation, making practical exploitation difficult.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-50673"
},
{
"category": "external",
"summary": "RHBZ#2420347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420347"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-50673",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-50673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50673"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025120947-CVE-2022-50673-f920@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025120947-CVE-2022-50673-f920@gregkh/T"
}
],
"release_date": "2025-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-03T09:54:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: ext4: fix use-after-free in ext4_orphan_cleanup"
},
{
"cve": "CVE-2025-38415",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2025-07-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2383404"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: check return result of sb_min_blocksize\n\nSyzkaller reports an \"UBSAN: shift-out-of-bounds in squashfs_bio_read\" bug.\n\nSyzkaller forks multiple processes which after mounting the Squashfs\nfilesystem, issues an ioctl(\"/dev/loop0\", LOOP_SET_BLOCK_SIZE, 0x8000). \nNow if this ioctl occurs at the same time another process is in the\nprocess of mounting a Squashfs filesystem on /dev/loop0, the failure\noccurs. When this happens the following code in squashfs_fill_super()\nfails.\n\n----\nmsblk-\u003edevblksize = sb_min_blocksize(sb, SQUASHFS_DEVBLK_SIZE);\nmsblk-\u003edevblksize_log2 = ffz(~msblk-\u003edevblksize);\n----\n\nsb_min_blocksize() returns 0, which means msblk-\u003edevblksize is set to 0.\n\nAs a result, ffz(~msblk-\u003edevblksize) returns 64, and msblk-\u003edevblksize_log2\nis set to 64.\n\nThis subsequently causes the\n\nUBSAN: shift-out-of-bounds in fs/squashfs/block.c:195:36\nshift exponent 64 is too large for 64-bit type \u0027u64\u0027 (aka\n\u0027unsigned long long\u0027)\n\nThis commit adds a check for a 0 return by sb_min_blocksize().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38415"
},
{
"category": "external",
"summary": "RHBZ#2383404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383404"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38415"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025072513-CVE-2025-38415-c634@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025072513-CVE-2025-38415-c634@gregkh/T"
}
],
"release_date": "2025-07-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-03T09:54:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation"
},
{
"cve": "CVE-2025-38459",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2025-07-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2383487"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\natm: clip: Fix infinite recursive call of clip_push().\n\nsyzbot reported the splat below. [0]\n\nThis happens if we call ioctl(ATMARP_MKIP) more than once.\n\nDuring the first call, clip_mkip() sets clip_push() to vcc-\u003epush(),\nand the second call copies it to clip_vcc-\u003eold_push().\n\nLater, when the socket is close()d, vcc_destroy_socket() passes\nNULL skb to clip_push(), which calls clip_vcc-\u003eold_push(),\ntriggering the infinite recursion.\n\nLet\u0027s prevent the second ioctl(ATMARP_MKIP) by checking\nvcc-\u003euser_back, which is allocated by the first call as clip_vcc.\n\nNote also that we use lock_sock() to prevent racy calls.\n\n[0]:\nBUG: TASK stack guard page was hit at ffffc9000d66fff8 (stack is ffffc9000d670000..ffffc9000d678000)\nOops: stack guard page: 0000 [#1] SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller #0 PREEMPT(full)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\nRIP: 0010:clip_push+0x5/0x720 net/atm/clip.c:191\nCode: e0 8f aa 8c e8 1c ad 5b fa eb ae 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 \u003c41\u003e 57 41 56 41 55 41 54 53 48 83 ec 20 48 89 f3 49 89 fd 48 bd 00\nRSP: 0018:ffffc9000d670000 EFLAGS: 00010246\nRAX: 1ffff1100235a4a5 RBX: ffff888011ad2508 RCX: ffff8880003c0000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff888037f01000\nRBP: dffffc0000000000 R08: ffffffff8fa104f7 R09: 1ffffffff1f4209e\nR10: dffffc0000000000 R11: ffffffff8a99b300 R12: ffffffff8a99b300\nR13: ffff888037f01000 R14: ffff888011ad2500 R15: ffff888037f01578\nFS: 000055557ab6d500(0000) GS:ffff88808d250000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: ffffc9000d66fff8 CR3: 0000000043172000 CR4: 0000000000352ef0\nCall Trace:\n \u003cTASK\u003e\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n...\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n clip_push+0x6dc/0x720 net/atm/clip.c:200\n vcc_destroy_socket net/atm/common.c:183 [inline]\n vcc_release+0x157/0x460 net/atm/common.c:205\n __sock_release net/socket.c:647 [inline]\n sock_close+0xc0/0x240 net/socket.c:1391\n __fput+0x449/0xa70 fs/file_table.c:465\n task_work_run+0x1d1/0x260 kernel/task_work.c:227\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n exit_to_user_mode_loop+0xec/0x110 kernel/entry/common.c:114\n exit_to_user_mode_prepare include/linux/entry-common.h:330 [inline]\n syscall_exit_to_user_mode_work include/linux/entry-common.h:414 [inline]\n syscall_exit_to_user_mode include/linux/entry-common.h:449 [inline]\n do_syscall_64+0x2bd/0x3b0 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff31c98e929\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fffb5aa1f78 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4\nRAX: 0000000000000000 RBX: 0000000000012747 RCX: 00007ff31c98e929\nRDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003\nRBP: 00007ff31cbb7ba0 R08: 0000000000000001 R09: 0000000db5aa226f\nR10: 00007ff31c7ff030 R11: 0000000000000246 R12: 00007ff31cbb608c\nR13: 00007ff31cbb6080 R14: ffffffffffffffff R15: 00007fffb5aa2090\n \u003c/TASK\u003e\nModules linked in:",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38459"
},
{
"category": "external",
"summary": "RHBZ#2383487",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383487"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38459",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38459"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025072507-CVE-2025-38459-e941@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025072507-CVE-2025-38459-e941@gregkh/T"
}
],
"release_date": "2025-07-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-03T09:54:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion"
},
{
"cve": "CVE-2025-39760",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2394601"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: core: config: Prevent OOB read in SS endpoint companion parsing\n\nusb_parse_ss_endpoint_companion() checks descriptor type before length,\nenabling a potentially odd read outside of the buffer size.\n\nFix this up by checking the size first before looking at any of the\nfields in the descriptor.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-39760"
},
{
"category": "external",
"summary": "RHBZ#2394601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394601"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-39760",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39760"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-39760",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39760"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091145-CVE-2025-39760-2d5f@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091145-CVE-2025-39760-2d5f@gregkh/T"
}
],
"release_date": "2025-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-03T09:54:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing"
},
{
"cve": "CVE-2025-39817",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395805"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefivarfs: Fix slab-out-of-bounds in efivarfs_d_compare\n\nObserved on kernel 6.6 (present on master as well):\n\n BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0\n Call trace:\n kasan_check_range+0xe8/0x190\n __asan_loadN+0x1c/0x28\n memcmp+0x98/0xd0\n efivarfs_d_compare+0x68/0xd8\n __d_lookup_rcu_op_compare+0x178/0x218\n __d_lookup_rcu+0x1f8/0x228\n d_alloc_parallel+0x150/0x648\n lookup_open.isra.0+0x5f0/0x8d0\n open_last_lookups+0x264/0x828\n path_openat+0x130/0x3f8\n do_filp_open+0x114/0x248\n do_sys_openat2+0x340/0x3c0\n __arm64_sys_openat+0x120/0x1a0\n\nIf dentry-\u003ed_name.len \u003c EFI_VARIABLE_GUID_LEN, \u0027guid\u0027 can become\nnegative, leading to oob. The issue can be triggered by parallel\nlookups using invalid filename:\n\n T1\t\t\tT2\n lookup_open\n -\u003elookup\n simple_lookup\n d_add\n // invalid dentry is added to hash list\n\n\t\t\tlookup_open\n\t\t\t d_alloc_parallel\n\t\t\t __d_lookup_rcu\n\t\t\t __d_lookup_rcu_op_compare\n\t\t\t hlist_bl_for_each_entry_rcu\n\t\t\t // invalid dentry can be retrieved\n\t\t\t -\u003ed_compare\n\t\t\t efivarfs_d_compare\n\t\t\t // oob\n\nFix it by checking \u0027guid\u0027 before cmp.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-39817"
},
{
"category": "external",
"summary": "RHBZ#2395805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395805"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-39817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-39817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39817"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091615-CVE-2025-39817-90b7@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091615-CVE-2025-39817-90b7@gregkh/T"
}
],
"release_date": "2025-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-03T09:54:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare"
},
{
"cve": "CVE-2025-39993",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-10-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404121"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: fix races with imon_disconnect()\n\nSyzbot reports a KASAN issue as below:\nBUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline]\nBUG: KASAN: use-after-free in send_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nRead of size 4 at addr ffff8880256fb000 by task syz-executor314/4465\n\nCPU: 2 PID: 4465 Comm: syz-executor314 Not tainted 6.0.0-rc1-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.14.0-2 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\nprint_address_description mm/kasan/report.c:317 [inline]\nprint_report.cold+0x2ba/0x6e9 mm/kasan/report.c:433\nkasan_report+0xb1/0x1e0 mm/kasan/report.c:495\n__create_pipe include/linux/usb.h:1945 [inline]\nsend_packet+0xa2d/0xbc0 drivers/media/rc/imon.c:627\nvfd_write+0x2d9/0x550 drivers/media/rc/imon.c:991\nvfs_write+0x2d7/0xdd0 fs/read_write.c:576\nksys_write+0x127/0x250 fs/read_write.c:631\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe iMON driver improperly releases the usb_device reference in\nimon_disconnect without coordinating with active users of the\ndevice.\n\nSpecifically, the fields usbdev_intf0 and usbdev_intf1 are not\nprotected by the users counter (ictx-\u003eusers). During probe,\nimon_init_intf0 or imon_init_intf1 increments the usb_device\nreference count depending on the interface. However, during\ndisconnect, usb_put_dev is called unconditionally, regardless of\nactual usage.\n\nAs a result, if vfd_write or other operations are still in\nprogress after disconnect, this can lead to a use-after-free of\nthe usb_device pointer.\n\nThread 1 vfd_write Thread 2 imon_disconnect\n ...\n if\n usb_put_dev(ictx-\u003eusbdev_intf0)\n else\n usb_put_dev(ictx-\u003eusbdev_intf1)\n...\nwhile\n send_packet\n if\n pipe = usb_sndintpipe(\n ictx-\u003eusbdev_intf0) UAF\n else\n pipe = usb_sndctrlpipe(\n ictx-\u003eusbdev_intf0, 0) UAF\n\nGuard access to usbdev_intf0 and usbdev_intf1 after disconnect by\nchecking ictx-\u003edisconnected in all writer paths. Add early return\nwith -ENODEV in send_packet(), vfd_write(), lcd_write() and\ndisplay_open() if the device is no longer present.\n\nSet and read ictx-\u003edisconnected under ictx-\u003elock to ensure memory\nsynchronization. Acquire the lock in imon_disconnect() before setting\nthe flag to synchronize with any ongoing operations.\n\nEnsure writers exit early and safely after disconnect before the USB\ncore proceeds with cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: media: rc: fix races with imon_disconnect()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-39993"
},
{
"category": "external",
"summary": "RHBZ#2404121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-39993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39993"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-39993",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39993"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025101527-CVE-2025-39993-caef@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025101527-CVE-2025-39993-caef@gregkh/T"
}
],
"release_date": "2025-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-03T09:54:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: media: rc: fix races with imon_disconnect()"
},
{
"cve": "CVE-2025-40271",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419837"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc: fix uaf in proc_readdir_de()\n\nPde is erased from subdir rbtree through rb_erase(), but not set the node\nto EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE()\nset the erased node to EMPTY, then pde_subdir_next() will return NULL to\navoid uaf access.\n\nWe found an uaf issue while using stress-ng testing, need to run testcase\ngetdent and tun in the same time. The steps of the issue is as follows:\n\n1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current\n pde is tun3;\n\n2) in the [time windows] unregister netdevice tun3 and tun2, and erase\n them from rbtree. erase tun3 first, and then erase tun2. the\n pde(tun2) will be released to slab;\n\n3) continue to getdent process, then pde_subdir_next() will return\n pde(tun2) which is released, it will case uaf access.\n\nCPU 0 | CPU 1\n-------------------------------------------------------------------------\ntraverse dir /proc/pid/net/dev_snmp6/ | unregister_netdevice(tun-\u003edev) //tun3 tun2\nsys_getdents64() |\n iterate_dir() |\n proc_readdir() |\n proc_readdir_de() | snmp6_unregister_dev()\n pde_get(de); | proc_remove()\n read_unlock(\u0026proc_subdir_lock); | remove_proc_subtree()\n | write_lock(\u0026proc_subdir_lock);\n [time window] | rb_erase(\u0026root-\u003esubdir_node, \u0026parent-\u003esubdir);\n | write_unlock(\u0026proc_subdir_lock);\n read_lock(\u0026proc_subdir_lock); |\n next = pde_subdir_next(de); |\n pde_put(de); |\n de = next; //UAF |\n\nrbtree of dev_snmp6\n |\n pde(tun3)\n / \\\n NULL pde(tun2)",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability is a race condition in /proc directory enumeration, where a proc_dir_entry can be freed after rb_erase() but still referenced because the rbtree node is not cleared. A local unprivileged attacker can trigger a use-after-free by running getdents() (that calls proc_readdir_de()) in parallel with rapid creation and removal of network-related proc entries (e.g., tun devices). In practice this leads to a kernel NULL-pointer dereference or slab-UAF crash. Reliable exploitation beyond denial-of-service is unlikely due to the narrow timing window, but theoretically possible.\nThe bug could be triggered by the local attacker with the ability to create and remove network devices (e.g. CAP_NET_ADMIN).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40271"
},
{
"category": "external",
"summary": "RHBZ#2419837",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419837"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40271",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40271"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40271",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40271"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025120716-CVE-2025-40271-7612@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025120716-CVE-2025-40271-7612@gregkh/T"
}
],
"release_date": "2025-12-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-03T09:54:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service."
},
{
"cve": "CVE-2025-68349",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2025-12-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2424880"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid\n\nFixes a crash when layout is null during this call stack:\n\nwrite_inode\n -\u003e nfs4_write_inode\n -\u003e pnfs_layoutcommit_inode\n\npnfs_set_layoutcommit relies on the lseg refcount to keep the layout\naround. Need to clear NFS_INO_LAYOUTCOMMIT otherwise we might attempt\nto reference a null layout.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug is caused by a stale state flag (NFS_INO_LAYOUTCOMMIT) remaining set after the pNFS layout has been invalidated, leading to a NULL pointer dereference during layout commit handling. The issue results in a kernel crash when specific NFS writeback paths are executed. As it involves no memory corruption or attacker-controlled data, it represents a denial-of-service condition only.\nThe issue is triggered by a connected NFS client through normal pNFS writeback flows and affects the NFS server kernel, requiring an established NFSv4 session rather than unauthenticated network access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68349"
},
{
"category": "external",
"summary": "RHBZ#2424880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68349",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68349"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68349",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68349"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025122453-CVE-2025-68349-12d5@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025122453-CVE-2025-68349-12d5@gregkh/T"
}
],
"release_date": "2025-12-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-03T09:54:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
},
{
"category": "workaround",
"details": "If NFS service not being used, then disable it to prevent possibility of triggering this bug (and usually it is disabled by default):\nsudo systemctl stop nfs-server\nsudo systemctl disable nfs-server",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid"
},
{
"cve": "CVE-2026-23074",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-02-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436791"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u0027s networking component. A local attacker with low privileges could exploit a design issue in the teql queueing discipline, which is responsible for managing network traffic. By sending specially crafted network packets, an attacker could trigger a use-after-free (UAF) vulnerability, which is a type of memory corruption. This could lead to a system crash, or potentially allow the attacker to execute unauthorized code or gain elevated system access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23074"
},
{
"category": "external",
"summary": "RHBZ#2436791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23074"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2026020419-CVE-2026-23074-6bb8@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2026020419-CVE-2026-23074-6bb8@gregkh/T"
}
],
"release_date": "2026-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-03T09:54:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.