This Red Hat security advisory (RHSA-2025:22405) addresses eight distinct vulnerabilities in the Linux kernel packages for Red Hat Enterprise Linux 9 and related products. The fixes cover issues such as failure handling in NFS daemon client ID confirmation (CVE-2025-38724), use-after-free in WiFi cfg80211 component (CVE-2025-39864), heap overflow in the e1000e network driver (CVE-2025-39898), linked list corruption in the mt76 WiFi driver (CVE-2025-39918), TCP fast open socket clearing on disconnect (CVE-2025-39955), possible use-after-free in Bluetooth management (CVE-2025-39981), disallowing dirty tracking in IOMMU when page walks are incoherent (CVE-2025-40058), and proper release of adapter allocation entries in the ice driver (CVE-2025-40185). These vulnerabilities involve memory safety and resource management issues that could potentially lead to system instability or security risks. The advisory recommends updating to the fixed kernel packages and rebooting the system to apply the patches.

The vulnerabilities affect the Linux kernel, which is the core of the operating system, potentially leading to memory corruption issues such as use-after-free, heap overflow, and linked list corruption. These could result in system crashes, denial of service, or other unintended behavior. The advisory rates the overall impact as moderate. There are no known exploits in the wild at the time of publication. The issues affect multiple kernel subsystems including networking, wireless, Bluetooth, and IOMMU components.

Red Hat has released updated kernel packages that address these vulnerabilities. Users of affected Red Hat Enterprise Linux 9 versions and related products should apply the available kernel updates as detailed in the Red Hat advisory RHSA-2025:22405. A system reboot is required for the updates to take effect. Patch status is confirmed by the vendor advisory. No additional mitigations are indicated beyond applying the official fixes.