RHSA-2025:15009
Vulnerability from csaf_redhat - Published: 2025-09-02 02:56 - Updated: 2025-12-22 19:53Summary
Red Hat Security Advisory: kernel-rt security update
Severity
Moderate
Notes
Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (CVE-2025-38211)
* kernel: tipc: Fix use-after-free in tipc_conn_close() (CVE-2025-38464)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction The commit 59c68ac31e15 ("iw_cm: free cm_id resources on the last deref") simplified cm_id resource management by freeing cm_id once all references to the cm_id were removed. The references are removed either upon completion of iw_cm event handlers or when the application destroys the cm_id. This commit introduced the use-after-free condition where cm_id_private object could still be in use by event handler works during the destruction of cm_id. The commit aee2424246f9 ("RDMA/iwcm: Fix a use-after-free related to destroying CM IDs") addressed this use-after- free by flushing all pending works at the cm_id destruction. However, still another use-after-free possibility remained. It happens with the work objects allocated for each cm_id_priv within alloc_work_entries() during cm_id creation, and subsequently freed in dealloc_work_entries() once all references to the cm_id are removed. If the cm_id's last reference is decremented in the event handler work, the work object for the work itself gets removed, and causes the use- after-free BUG below: BUG: KASAN: slab-use-after-free in __pwq_activate_work+0x1ff/0x250 Read of size 8 at addr ffff88811f9cf800 by task kworker/u16:1/147091 CPU: 2 UID: 0 PID: 147091 Comm: kworker/u16:1 Not tainted 6.15.0-rc2+ #27 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014 Workqueue: 0x0 (iw_cm_wq) Call Trace: <TASK> dump_stack_lvl+0x6a/0x90 print_report+0x174/0x554 ? __virt_addr_valid+0x208/0x430 ? __pwq_activate_work+0x1ff/0x250 kasan_report+0xae/0x170 ? __pwq_activate_work+0x1ff/0x250 __pwq_activate_work+0x1ff/0x250 pwq_dec_nr_in_flight+0x8c5/0xfb0 process_one_work+0xc11/0x1460 ? __pfx_process_one_work+0x10/0x10 ? assign_work+0x16c/0x240 worker_thread+0x5ef/0xfd0 ? __pfx_worker_thread+0x10/0x10 kthread+0x3b0/0x770 ? __pfx_kthread+0x10/0x10 ? rcu_is_watching+0x11/0xb0 ? _raw_spin_unlock_irq+0x24/0x50 ? rcu_is_watching+0x11/0xb0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x30/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 147416: kasan_save_stack+0x2c/0x50 kasan_save_track+0x10/0x30 __kasan_kmalloc+0xa6/0xb0 alloc_work_entries+0xa9/0x260 [iw_cm] iw_cm_connect+0x23/0x4a0 [iw_cm] rdma_connect_locked+0xbfd/0x1920 [rdma_cm] nvme_rdma_cm_handler+0x8e5/0x1b60 [nvme_rdma] cma_cm_event_handler+0xae/0x320 [rdma_cm] cma_work_handler+0x106/0x1b0 [rdma_cm] process_one_work+0x84f/0x1460 worker_thread+0x5ef/0xfd0 kthread+0x3b0/0x770 ret_from_fork+0x30/0x70 ret_from_fork_asm+0x1a/0x30 Freed by task 147091: kasan_save_stack+0x2c/0x50 kasan_save_track+0x10/0x30 kasan_save_free_info+0x37/0x60 __kasan_slab_free+0x4b/0x70 kfree+0x13a/0x4b0 dealloc_work_entries+0x125/0x1f0 [iw_cm] iwcm_deref_id+0x6f/0xa0 [iw_cm] cm_work_handler+0x136/0x1ba0 [iw_cm] process_one_work+0x84f/0x1460 worker_thread+0x5ef/0xfd0 kthread+0x3b0/0x770 ret_from_fork+0x30/0x70 ret_from_fork_asm+0x1a/0x30 Last potentially related work creation: kasan_save_stack+0x2c/0x50 kasan_record_aux_stack+0xa3/0xb0 __queue_work+0x2ff/0x1390 queue_work_on+0x67/0xc0 cm_event_handler+0x46a/0x820 [iw_cm] siw_cm_upcall+0x330/0x650 [siw] siw_cm_work_handler+0x6b9/0x2b20 [siw] process_one_work+0x84f/0x1460 worker_thread+0x5ef/0xfd0 kthread+0x3b0/0x770 ret_from_fork+0x30/0x70 ret_from_fork_asm+0x1a/0x30 This BUG is reproducible by repeating the blktests test case nvme/061 for the rdma transport and the siw driver. To avoid the use-after-free of cm_id_private work objects, ensure that the last reference to the cm_id is decremented not in the event handler works, but in the cm_id destruction context. For that purpose, mo ---truncated---
7.3 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2025:15009
Workaround
To mitigate this issue, prevent InfiniBand modules from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically. The names of the modules are: ib_addr, ib_cm, ib_core, ib_mad, ib_sa, ib_ucm, ib_umad, iw_cm.
In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_conn_close(). syzbot reported a null-ptr-deref in tipc_conn_close() during netns dismantle. [0] tipc_topsrv_stop() iterates tipc_net(net)->topsrv->conn_idr and calls tipc_conn_close() for each tipc_conn. The problem is that tipc_conn_close() is called after releasing the IDR lock. At the same time, there might be tipc_conn_recv_work() running and it could call tipc_conn_close() for the same tipc_conn and release its last ->kref. Once we release the IDR lock in tipc_topsrv_stop(), there is no guarantee that the tipc_conn is alive. Let's hold the ref before releasing the lock and put the ref after tipc_conn_close() in tipc_topsrv_stop(). [0]: BUG: KASAN: use-after-free in tipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165 Read of size 8 at addr ffff888099305a08 by task kworker/u4:3/435 CPU: 0 PID: 435 Comm: kworker/u4:3 Not tainted 4.19.204-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: netns cleanup_net Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x1fc/0x2ef lib/dump_stack.c:118 print_address_description.cold+0x54/0x219 mm/kasan/report.c:256 kasan_report_error.cold+0x8a/0x1b9 mm/kasan/report.c:354 kasan_report mm/kasan/report.c:412 [inline] __asan_report_load8_noabort+0x88/0x90 mm/kasan/report.c:433 tipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165 tipc_topsrv_stop net/tipc/topsrv.c:701 [inline] tipc_topsrv_exit_net+0x27b/0x5c0 net/tipc/topsrv.c:722 ops_exit_list+0xa5/0x150 net/core/net_namespace.c:153 cleanup_net+0x3b4/0x8b0 net/core/net_namespace.c:553 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 Allocated by task 23: kmem_cache_alloc_trace+0x12f/0x380 mm/slab.c:3625 kmalloc include/linux/slab.h:515 [inline] kzalloc include/linux/slab.h:709 [inline] tipc_conn_alloc+0x43/0x4f0 net/tipc/topsrv.c:192 tipc_topsrv_accept+0x1b5/0x280 net/tipc/topsrv.c:470 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 Freed by task 23: __cache_free mm/slab.c:3503 [inline] kfree+0xcc/0x210 mm/slab.c:3822 tipc_conn_kref_release net/tipc/topsrv.c:150 [inline] kref_put include/linux/kref.h:70 [inline] conn_put+0x2cd/0x3a0 net/tipc/topsrv.c:155 process_one_work+0x864/0x1570 kernel/workqueue.c:2153 worker_thread+0x64c/0x1130 kernel/workqueue.c:2296 kthread+0x33f/0x460 kernel/kthread.c:259 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415 The buggy address belongs to the object at ffff888099305a00 which belongs to the cache kmalloc-512 of size 512 The buggy address is located 8 bytes inside of 512-byte region [ffff888099305a00, ffff888099305c00) The buggy address belongs to the page: page:ffffea000264c140 count:1 mapcount:0 mapping:ffff88813bff0940 index:0x0 flags: 0xfff00000000100(slab) raw: 00fff00000000100 ffffea00028b6b88 ffffea0002cd2b08 ffff88813bff0940 raw: 0000000000000000 ffff888099305000 0000000100000006 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888099305900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888099305980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc >ffff888099305a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888099305a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff888099305b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
7.3 (High)
Vendor Fix
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
https://access.redhat.com/errata/RHSA-2025:15009
Workaround
To mitigate this issue, prevent module tipc from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (CVE-2025-38211)\n\n* kernel: tipc: Fix use-after-free in tipc_conn_close() (CVE-2025-38464)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15009",
"url": "https://access.redhat.com/errata/RHSA-2025:15009"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2376406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376406"
},
{
"category": "external",
"summary": "2383509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383509"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15009.json"
}
],
"title": "Red Hat Security Advisory: kernel-rt security update",
"tracking": {
"current_release_date": "2025-12-22T19:53:55+00:00",
"generator": {
"date": "2025-12-22T19:53:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.14"
}
},
"id": "RHSA-2025:15009",
"initial_release_date": "2025-09-02T02:56:44+00:00",
"revision_history": [
{
"date": "2025-09-02T02:56:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-02T02:56:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-12-22T19:53:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux NFV (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::nfv"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux RT (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::realtime"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src",
"product": {
"name": "kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src",
"product_id": "kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@4.18.0-553.72.1.rt7.413.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product": {
"name": "kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_id": "kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@4.18.0-553.72.1.rt7.413.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product": {
"name": "kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_id": "kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-core@4.18.0-553.72.1.rt7.413.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product": {
"name": "kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_id": "kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@4.18.0-553.72.1.rt7.413.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product": {
"name": "kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_id": "kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-core@4.18.0-553.72.1.rt7.413.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product": {
"name": "kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_id": "kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@4.18.0-553.72.1.rt7.413.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product": {
"name": "kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_id": "kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@4.18.0-553.72.1.rt7.413.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product": {
"name": "kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_id": "kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules@4.18.0-553.72.1.rt7.413.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_id": "kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@4.18.0-553.72.1.rt7.413.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product": {
"name": "kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_id": "kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@4.18.0-553.72.1.rt7.413.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product": {
"name": "kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_id": "kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-kvm@4.18.0-553.72.1.rt7.413.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product": {
"name": "kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_id": "kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules@4.18.0-553.72.1.rt7.413.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product": {
"name": "kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_id": "kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules-extra@4.18.0-553.72.1.rt7.413.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_id": "kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@4.18.0-553.72.1.rt7.413.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product": {
"name": "kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_id": "kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@4.18.0-553.72.1.rt7.413.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@4.18.0-553.72.1.rt7.413.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src"
},
"product_reference": "kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src"
},
"product_reference": "kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
},
"product_reference": "kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38211",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2376406"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix use-after-free of work objects after cm_id destruction\n\nThe commit 59c68ac31e15 (\"iw_cm: free cm_id resources on the last\nderef\") simplified cm_id resource management by freeing cm_id once all\nreferences to the cm_id were removed. The references are removed either\nupon completion of iw_cm event handlers or when the application destroys\nthe cm_id. This commit introduced the use-after-free condition where\ncm_id_private object could still be in use by event handler works during\nthe destruction of cm_id. The commit aee2424246f9 (\"RDMA/iwcm: Fix a\nuse-after-free related to destroying CM IDs\") addressed this use-after-\nfree by flushing all pending works at the cm_id destruction.\n\nHowever, still another use-after-free possibility remained. It happens\nwith the work objects allocated for each cm_id_priv within\nalloc_work_entries() during cm_id creation, and subsequently freed in\ndealloc_work_entries() once all references to the cm_id are removed.\nIf the cm_id\u0027s last reference is decremented in the event handler work,\nthe work object for the work itself gets removed, and causes the use-\nafter-free BUG below:\n\n BUG: KASAN: slab-use-after-free in __pwq_activate_work+0x1ff/0x250\n Read of size 8 at addr ffff88811f9cf800 by task kworker/u16:1/147091\n\n CPU: 2 UID: 0 PID: 147091 Comm: kworker/u16:1 Not tainted 6.15.0-rc2+ #27 PREEMPT(voluntary)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014\n Workqueue: 0x0 (iw_cm_wq)\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6a/0x90\n print_report+0x174/0x554\n ? __virt_addr_valid+0x208/0x430\n ? __pwq_activate_work+0x1ff/0x250\n kasan_report+0xae/0x170\n ? __pwq_activate_work+0x1ff/0x250\n __pwq_activate_work+0x1ff/0x250\n pwq_dec_nr_in_flight+0x8c5/0xfb0\n process_one_work+0xc11/0x1460\n ? __pfx_process_one_work+0x10/0x10\n ? assign_work+0x16c/0x240\n worker_thread+0x5ef/0xfd0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0x3b0/0x770\n ? __pfx_kthread+0x10/0x10\n ? rcu_is_watching+0x11/0xb0\n ? _raw_spin_unlock_irq+0x24/0x50\n ? rcu_is_watching+0x11/0xb0\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x30/0x70\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\n Allocated by task 147416:\n kasan_save_stack+0x2c/0x50\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0xa6/0xb0\n alloc_work_entries+0xa9/0x260 [iw_cm]\n iw_cm_connect+0x23/0x4a0 [iw_cm]\n rdma_connect_locked+0xbfd/0x1920 [rdma_cm]\n nvme_rdma_cm_handler+0x8e5/0x1b60 [nvme_rdma]\n cma_cm_event_handler+0xae/0x320 [rdma_cm]\n cma_work_handler+0x106/0x1b0 [rdma_cm]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Freed by task 147091:\n kasan_save_stack+0x2c/0x50\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x60\n __kasan_slab_free+0x4b/0x70\n kfree+0x13a/0x4b0\n dealloc_work_entries+0x125/0x1f0 [iw_cm]\n iwcm_deref_id+0x6f/0xa0 [iw_cm]\n cm_work_handler+0x136/0x1ba0 [iw_cm]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\n Last potentially related work creation:\n kasan_save_stack+0x2c/0x50\n kasan_record_aux_stack+0xa3/0xb0\n __queue_work+0x2ff/0x1390\n queue_work_on+0x67/0xc0\n cm_event_handler+0x46a/0x820 [iw_cm]\n siw_cm_upcall+0x330/0x650 [siw]\n siw_cm_work_handler+0x6b9/0x2b20 [siw]\n process_one_work+0x84f/0x1460\n worker_thread+0x5ef/0xfd0\n kthread+0x3b0/0x770\n ret_from_fork+0x30/0x70\n ret_from_fork_asm+0x1a/0x30\n\nThis BUG is reproducible by repeating the blktests test case nvme/061\nfor the rdma transport and the siw driver.\n\nTo avoid the use-after-free of cm_id_private work objects, ensure that\nthe last reference to the cm_id is decremented not in the event handler\nworks, but in the cm_id destruction context. For that purpose, mo\n---truncated---",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A use-after-free occurs when a cm_id\u0027s last reference is released from within a work item that still depends on it, resulting in a crash in __pwq_activate_work(). This race condition was reproducible via RDMA/siw transport using repeated execution of blktests nvme/061, demonstrating that deallocation of work entries must not occur from within the active work context. The CVSS Privileges Required (PR:L) rating reflects that RDMA stack access is needed, but not full root privileges, to trigger this memory corruption issue. The vulnerability does not lead to information leakage or data corruption, but results in a use-after-free crash within the kernel\u0027s RDMA workqueue processing. Therefore, for the CVSS only availability is impacted and Integrity/Confidentiality are Low (potentially impacted). As the bug causes a kernel panic or crash when triggered, the impact is rated as High on Availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38211"
},
{
"category": "external",
"summary": "RHBZ#2376406",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376406"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38211"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025070422-CVE-2025-38211-215a@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025070422-CVE-2025-38211-215a@gregkh/T"
}
],
"release_date": "2025-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-02T02:56:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15009"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent InfiniBand modules from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically. The names of the modules are: ib_addr, ib_cm, ib_core, ib_mad, ib_sa, ib_ucm, ib_umad, iw_cm.",
"product_ids": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction"
},
{
"cve": "CVE-2025-38464",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2383509"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Fix use-after-free in tipc_conn_close().\n\nsyzbot reported a null-ptr-deref in tipc_conn_close() during netns\ndismantle. [0]\n\ntipc_topsrv_stop() iterates tipc_net(net)-\u003etopsrv-\u003econn_idr and calls\ntipc_conn_close() for each tipc_conn.\n\nThe problem is that tipc_conn_close() is called after releasing the\nIDR lock.\n\nAt the same time, there might be tipc_conn_recv_work() running and it\ncould call tipc_conn_close() for the same tipc_conn and release its\nlast -\u003ekref.\n\nOnce we release the IDR lock in tipc_topsrv_stop(), there is no\nguarantee that the tipc_conn is alive.\n\nLet\u0027s hold the ref before releasing the lock and put the ref after\ntipc_conn_close() in tipc_topsrv_stop().\n\n[0]:\nBUG: KASAN: use-after-free in tipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165\nRead of size 8 at addr ffff888099305a08 by task kworker/u4:3/435\n\nCPU: 0 PID: 435 Comm: kworker/u4:3 Not tainted 4.19.204-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: netns cleanup_net\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x1fc/0x2ef lib/dump_stack.c:118\n print_address_description.cold+0x54/0x219 mm/kasan/report.c:256\n kasan_report_error.cold+0x8a/0x1b9 mm/kasan/report.c:354\n kasan_report mm/kasan/report.c:412 [inline]\n __asan_report_load8_noabort+0x88/0x90 mm/kasan/report.c:433\n tipc_conn_close+0x122/0x140 net/tipc/topsrv.c:165\n tipc_topsrv_stop net/tipc/topsrv.c:701 [inline]\n tipc_topsrv_exit_net+0x27b/0x5c0 net/tipc/topsrv.c:722\n ops_exit_list+0xa5/0x150 net/core/net_namespace.c:153\n cleanup_net+0x3b4/0x8b0 net/core/net_namespace.c:553\n process_one_work+0x864/0x1570 kernel/workqueue.c:2153\n worker_thread+0x64c/0x1130 kernel/workqueue.c:2296\n kthread+0x33f/0x460 kernel/kthread.c:259\n ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\n\nAllocated by task 23:\n kmem_cache_alloc_trace+0x12f/0x380 mm/slab.c:3625\n kmalloc include/linux/slab.h:515 [inline]\n kzalloc include/linux/slab.h:709 [inline]\n tipc_conn_alloc+0x43/0x4f0 net/tipc/topsrv.c:192\n tipc_topsrv_accept+0x1b5/0x280 net/tipc/topsrv.c:470\n process_one_work+0x864/0x1570 kernel/workqueue.c:2153\n worker_thread+0x64c/0x1130 kernel/workqueue.c:2296\n kthread+0x33f/0x460 kernel/kthread.c:259\n ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\n\nFreed by task 23:\n __cache_free mm/slab.c:3503 [inline]\n kfree+0xcc/0x210 mm/slab.c:3822\n tipc_conn_kref_release net/tipc/topsrv.c:150 [inline]\n kref_put include/linux/kref.h:70 [inline]\n conn_put+0x2cd/0x3a0 net/tipc/topsrv.c:155\n process_one_work+0x864/0x1570 kernel/workqueue.c:2153\n worker_thread+0x64c/0x1130 kernel/workqueue.c:2296\n kthread+0x33f/0x460 kernel/kthread.c:259\n ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415\n\nThe buggy address belongs to the object at ffff888099305a00\n which belongs to the cache kmalloc-512 of size 512\nThe buggy address is located 8 bytes inside of\n 512-byte region [ffff888099305a00, ffff888099305c00)\nThe buggy address belongs to the page:\npage:ffffea000264c140 count:1 mapcount:0 mapping:ffff88813bff0940 index:0x0\nflags: 0xfff00000000100(slab)\nraw: 00fff00000000100 ffffea00028b6b88 ffffea0002cd2b08 ffff88813bff0940\nraw: 0000000000000000 ffff888099305000 0000000100000006 0000000000000000\npage dumped because: kasan: bad access detected\n\nMemory state around the buggy address:\n ffff888099305900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff888099305980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n\u003effff888099305a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ^\n ffff888099305a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n ffff888099305b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: tipc: Fix use-after-free in tipc_conn_close()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A Use-After-Free vulnerability was found in tipc_conn_close() in the TIPC subsystem during the cleanup of network namespaces. The race condition between tipc_topsrv_stop() and tipc_conn_recv_work() could result in accessing a freed tipc_conn structure, leading to kernel crash or potential memory corruption. The bug was triggered by syzbot and fixed by ensuring proper reference counting.\n\nThe most straightforward exploitation scenario is a local Denial of Service (DoS), where an unprivileged user with the ability to create user and network namespaces spawns TIPC connections and then triggers network namespace teardown, creating a race condition that causes a use-after-free in tipc_conn_close(). This reliably leads to a kernel panic.\n\nA hypothetical future scenario involves local privilege escalation, if the attacker can win the race and reallocate the freed object in a controlled way (e.g., via kmalloc-512 slab reusage), leading to memory corruption or hijacking of kernel control flow.\n\nImportantly, this can be triggered without root privileges if the system allows unprivileged creation of user and net namespaces, which is the case on many Linux distributions (/proc/sys/user/max_user_namespaces \u003e 0 and kernel.unprivileged_userns_clone=1).\nIn such environments, a regular user can execute the TIPC socket creation, manipulate netns teardown, and provoke the race condition required for exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38464"
},
{
"category": "external",
"summary": "RHBZ#2383509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383509"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38464"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38464",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38464"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025072508-CVE-2025-38464-44a1@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025072508-CVE-2025-38464-44a1@gregkh/T"
}
],
"release_date": "2025-07-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-02T02:56:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15009"
},
{
"category": "workaround",
"details": "To mitigate this issue, prevent module tipc from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.",
"product_ids": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.72.1.rt7.413.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: tipc: Fix use-after-free in tipc_conn_close()"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…