RHSA-2026:3634
Vulnerability from csaf_redhat - Published: 2026-03-03 09:54 - Updated: 2026-03-13 01:10
A use-after-free vulnerability was found in the ext4 filesystem's orphan inode cleanup routine in the Linux kernel. When ext4_inode_attach_jinode() fails with -ENOMEM during orphan cleanup at mount time, the error is not properly propagated. The inode is freed via iput(), but the orphan list still references the same inode number. On the next loop iteration, the freed inode structure is reused, triggering a use-after-free when adding it to the orphan list.
A flaw was found in the Linux kernel's Squashfs filesystem. A local attacker can exploit this vulnerability by simultaneously mounting a Squashfs filesystem and issuing a specific input/output control (ioctl) command. This can lead to an incorrect block size calculation, causing a shift-out-of-bounds error. This memory corruption vulnerability can result in a denial of service or potentially lead to more severe system compromise.
A flaw was found in the Linux kernel's Asynchronous Transfer Mode (ATM) Classical IP (CLIP) module. A local user can trigger an infinite recursive call in the `clip_push()` function by repeatedly calling the `ioctl(ATMARP_MKIP)` system call. This vulnerability occurs when the socket is closed, leading to stack exhaustion and a kernel crash, resulting in a Denial of Service (DoS).
A flaw was found in the Linux kernel's USB core configuration parsing. Specifically, the `usb_parse_ss_endpoint_companion()` function incorrectly checks the descriptor type before its length, which can lead to reading data beyond the intended buffer. This out-of-bounds read vulnerability could allow a local attacker to cause a system crash, resulting in a Denial of Service (DoS).
A slab-out-of-bounds issue exists in the Linux kernel in efivarfs_d_compare; it can be triggered by parallel lookups using an invalid filename, due to an incorrect memcmp function.
A use-after-free flaw exists in the Linux kernel’s media/rc subsystem. When the device is disconnected via imon_disconnect(), the driver may unconditionally release a usb_device reference (via usb_put_dev) even while other operations (such as vfd_write, send_packet, display_open, lcd_write) are still in progress. Because the pointers usbdev_intf0/usbdev_intf1 are not properly protected by a users-counter or locking, this situation can lead to a use-after-free of the usb_device pointer and therefore memory corruption or kernel stability issues.
A flaw was found in the Linux kernel. This use-after-free (UAF) vulnerability occurs in the `proc_readdir_de()` function within the `/proc` filesystem. A local attacker with low privileges can exploit this by concurrently traversing specific directories while network devices are unregistered. This can lead to a use-after-free condition, potentially resulting in information disclosure, privilege escalation, or a denial of service (DoS).
A null pointer dereference flaw was found in the Linux kernel's NFS functionality, in the way a client performs a specific action on an existing NFS connection. A client user could use this flaw to crash the server system.
A flaw was found in the Linux kernel's networking component. A local attacker with low privileges could exploit a design issue in the teql queueing discipline, which is responsible for managing network traffic. By sending specially crafted network packets, an attacker could trigger a use-after-free (UAF) vulnerability, which is a type of memory corruption. This could lead to a system crash, or potentially allow the attacker to execute unauthorized code or gain elevated system access.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation (CVE-2025-38415)\n\n* kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion (CVE-2025-38459)\n\n* kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing (CVE-2025-39760)\n\n* kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (CVE-2025-39817)\n\n* kernel: media: rc: fix races with imon_disconnect() (CVE-2025-39993)\n\n* kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service. (CVE-2025-40271)\n\n* kernel: ext4: fix use-after-free in ext4_orphan_cleanup (CVE-2022-50673)\n\n* kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349)\n\n* kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation (CVE-2026-23074)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3634",
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2383404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383404"
},
{
"category": "external",
"summary": "2383487",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383487"
},
{
"category": "external",
"summary": "2394601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394601"
},
{
"category": "external",
"summary": "2395805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395805"
},
{
"category": "external",
"summary": "2404121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404121"
},
{
"category": "external",
"summary": "2419837",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419837"
},
{
"category": "external",
"summary": "2420347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420347"
},
{
"category": "external",
"summary": "2424880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424880"
},
{
"category": "external",
"summary": "2436791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436791"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3634.json"
}
],
"title": "Red Hat Security Advisory: kernel-rt security update",
"tracking": {
"current_release_date": "2026-03-13T01:10:32+00:00",
"generator": {
"date": "2026-03-13T01:10:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:3634",
"initial_release_date": "2026-03-03T09:54:06+00:00",
"revision_history": [
{
"date": "2026-03-03T09:54:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-03T09:54:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-13T01:10:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product": {
"name": "Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras_rt_els:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"product": {
"name": "kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"product_id": "kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@3.10.0-1160.147.1.rt56.1299.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product": {
"name": "kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_id": "kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@3.10.0-1160.147.1.rt56.1299.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product": {
"name": "kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_id": "kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@3.10.0-1160.147.1.rt56.1299.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product": {
"name": "kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_id": "kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.10.0-1160.147.1.rt56.1299.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product": {
"name": "kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_id": "kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@3.10.0-1160.147.1.rt56.1299.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product": {
"name": "kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_id": "kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace@3.10.0-1160.147.1.rt56.1299.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product": {
"name": "kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_id": "kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.10.0-1160.147.1.rt56.1299.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_id": "kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.10.0-1160.147.1.rt56.1299.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product": {
"name": "kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_id": "kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.10.0-1160.147.1.rt56.1299.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.10.0-1160.147.1.rt56.1299.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product": {
"name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_id": "kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.10.0-1160.147.1.rt56.1299.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"product": {
"name": "kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"product_id": "kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-doc@3.10.0-1160.147.1.rt56.1299.el7?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src"
},
"product_reference": "kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
},
"product_reference": "kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
},
"product_reference": "kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
},
"product_reference": "kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch"
},
"product_reference": "kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
},
"product_reference": "kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
},
"product_reference": "kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64 as a component of Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"product_id": "7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
},
"product_reference": "kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"relates_to_product_reference": "7Server-RT-ELS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-50673",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-12-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2420347"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in the ext4 filesystem\u0027s orphan inode cleanup routine in the Linux kernel. When ext4_inode_attach_jinode() fails with -ENOMEM during orphan cleanup at mount time, the error is not properly propagated. The inode is freed via iput(), but the orphan list still references the same inode number. On the next loop iteration, the freed inode structure is reused, triggering a use-after-free when adding it to the orphan list.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: ext4: fix use-after-free in ext4_orphan_cleanup",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during ext4 filesystem mount when memory allocation fails at a specific point in orphan inode processing. Exploitation requires local access to mount ext4 filesystems and the ability to induce memory pressure during the mount operation, making practical exploitation difficult.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-50673"
},
{
"category": "external",
"summary": "RHBZ#2420347",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2420347"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-50673",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-50673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-50673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50673"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025120947-CVE-2022-50673-f920@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025120947-CVE-2022-50673-f920@gregkh/T"
}
],
"release_date": "2025-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-03T09:54:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: ext4: fix use-after-free in ext4_orphan_cleanup"
},
{
"cve": "CVE-2025-38415",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"discovery_date": "2025-07-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2383404"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u0027s Squashfs filesystem. A local attacker can exploit this vulnerability by simultaneously mounting a Squashfs filesystem and issuing a specific input/output control (ioctl) command. This can lead to an incorrect block size calculation, causing a shift-out-of-bounds error. This memory corruption vulnerability can result in a denial of service or potentially lead to more severe system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38415"
},
{
"category": "external",
"summary": "RHBZ#2383404",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383404"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38415"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38415",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38415"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025072513-CVE-2025-38415-c634@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025072513-CVE-2025-38415-c634@gregkh/T"
}
],
"release_date": "2025-07-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-03T09:54:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation"
},
{
"cve": "CVE-2025-38459",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2025-07-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2383487"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u0027s Asynchronous Transfer Mode (ATM) Classical IP (CLIP) module. A local user can trigger an infinite recursive call in the `clip_push()` function by repeatedly calling the `ioctl(ATMARP_MKIP)` system call. This vulnerability occurs when the socket is closed, leading to stack exhaustion and a kernel crash, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38459"
},
{
"category": "external",
"summary": "RHBZ#2383487",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383487"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38459",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38459"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025072507-CVE-2025-38459-e941@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025072507-CVE-2025-38459-e941@gregkh/T"
}
],
"release_date": "2025-07-25T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-03T09:54:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion"
},
{
"cve": "CVE-2025-39760",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-09-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2394601"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u0027s USB core configuration parsing. Specifically, the `usb_parse_ss_endpoint_companion()` function incorrectly checks the descriptor type before its length, which can lead to reading data beyond the intended buffer. This out-of-bounds read vulnerability could allow a local attacker to cause a system crash, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-39760"
},
{
"category": "external",
"summary": "RHBZ#2394601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2394601"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-39760",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39760"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-39760",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39760"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091145-CVE-2025-39760-2d5f@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091145-CVE-2025-39760-2d5f@gregkh/T"
}
],
"release_date": "2025-09-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-03T09:54:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing"
},
{
"cve": "CVE-2025-39817",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-09-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395805"
}
],
"notes": [
{
"category": "description",
"text": "A slab-out-of-bounds exists in the linux kernel in efivarfs_d_compare, such that the issue can be triggered by parallel lookups using an invalid filename due to an incorrect memcmp function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-39817"
},
{
"category": "external",
"summary": "RHBZ#2395805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395805"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-39817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39817"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-39817",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39817"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025091615-CVE-2025-39817-90b7@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025091615-CVE-2025-39817-90b7@gregkh/T"
}
],
"release_date": "2025-09-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-03T09:54:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare"
},
{
"cve": "CVE-2025-39993",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-10-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404121"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free flaw exists in the Linux kernel\u2019s media/rc subsystem. When the device is disconnected via imon_disconnect(), the driver may unconditionally release a usb_device reference (via usb_put_dev) even while other operations (such as vfd_write, send_packet, display_open, lcd_write) are still in progress. Because the pointers usbdev_intf0/usbdev_intf1 are not properly protected by a users-counter or locking, this situation can lead to a use-after-free of the usb_device pointer and therefore memory corruption or kernel stability issues",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: media: rc: fix races with imon_disconnect()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-39993"
},
{
"category": "external",
"summary": "RHBZ#2404121",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404121"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-39993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39993"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-39993",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39993"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025101527-CVE-2025-39993-caef@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025101527-CVE-2025-39993-caef@gregkh/T"
}
],
"release_date": "2025-10-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-03T09:54:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: media: rc: fix races with imon_disconnect()"
},
{
"cve": "CVE-2025-40271",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-12-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419837"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel. This use-after-free (UAF) vulnerability occurs in the `proc_readdir_de()` function within the `/proc` filesystem. A local attacker with low privileges can exploit this by concurrently traversing specific directories while network devices are unregistered. This can lead to a use-after-free condition, potentially resulting in information disclosure, privilege escalation, or a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability is a race condition in /proc directory enumeration, where a proc_dir_entry can be freed after rb_erase() but still referenced because the rbtree node is not cleared. A local unprivileged attacker can trigger a use-after-free by running getdents() (that calls proc_readdir_de()) in parallel with rapid creation and removal of network-related proc entries (e.g., tun devices). In practice this leads to a kernel NULL-pointer dereference or slab-UAF crash. Reliable exploitation beyond denial-of-service is unlikely due to the narrow timing window, but theoretically possible.\nThe bug could be triggered by the local attacker with the ability to create and remove network devices (e.g. CAP_NET_ADMIN).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40271"
},
{
"category": "external",
"summary": "RHBZ#2419837",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419837"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40271",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40271"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40271",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40271"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025120716-CVE-2025-40271-7612@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025120716-CVE-2025-40271-7612@gregkh/T"
}
],
"release_date": "2025-12-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-03T09:54:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service."
},
{
"cve": "CVE-2025-68349",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2025-12-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2424880"
}
],
"notes": [
{
"category": "description",
"text": "A flaw null pointer dereference in the Linux kernel NFS functionality was found in the way client does some specific action for existing NFS connection. A client user could use this flaw to crash the server system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This bug is caused by a stale state flag (NFS_INO_LAYOUTCOMMIT) remaining set after the pNFS layout has been invalidated, leading to a NULL pointer dereference during layout commit handling. The issue results in a kernel crash when specific NFS writeback paths are executed. As it involves no memory corruption or attacker-controlled data, it represents a denial-of-service condition only.\nThe issue is triggered by a connected NFS client through normal pNFS writeback flows and affects the NFS server kernel, requiring an established NFSv4 session rather than unauthenticated network access.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68349"
},
{
"category": "external",
"summary": "RHBZ#2424880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2424880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68349",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68349"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68349",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68349"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025122453-CVE-2025-68349-12d5@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025122453-CVE-2025-68349-12d5@gregkh/T"
}
],
"release_date": "2025-12-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-03T09:54:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
},
{
"category": "workaround",
"details": "If NFS service not being used, then disable it to prevent possibility of triggering this bug (and usually it is disabled by default):\nsudo systemctl stop nfs-server\nsudo systemctl disable nfs-server",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid"
},
{
"cve": "CVE-2026-23074",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-02-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436791"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u0027s networking component. A local attacker with low privileges could exploit a design issue in the teql queueing discipline, which is responsible for managing network traffic. By sending specially crafted network packets, an attacker could trigger a use-after-free (UAF) vulnerability, which is a type of memory corruption. This could lead to a system crash, or potentially allow the attacker to execute unauthorized code or gain elevated system access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23074"
},
{
"category": "external",
"summary": "RHBZ#2436791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23074"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2026020419-CVE-2026-23074-6bb8@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2026020419-CVE-2026-23074-6bb8@gregkh/T"
}
],
"release_date": "2026-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-03T09:54:06+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.src",
"7Server-RT-ELS:kernel-rt-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debug-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-debuginfo-common-x86_64-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-doc-0:3.10.0-1160.147.1.rt56.1299.el7.noarch",
"7Server-RT-ELS:kernel-rt-trace-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-debuginfo-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64",
"7Server-RT-ELS:kernel-rt-trace-devel-0:3.10.0-1160.147.1.rt56.1299.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.