Red Hat Security Advisory: kernel security update
This advisory addresses two moderate severity vulnerabilities in the Linux kernel packages used by Red Hat Enterprise Linux 8. The first vulnerability (CVE-2024-50154) involves improper use of timer_pending() in the tcp/dccp subsystem. The second (CVE-2025-38086) concerns uninitialized access during mii_nway_restart in the ch9200 network driver. These issues are fixed in updated kernel packages that require a system reboot to take effect.
AI Analysis
Technical Summary
Red Hat Product Security issued an advisory (RHSA-2025:11455) for a kernel security update affecting Red Hat Enterprise Linux 8. It fixes two vulnerabilities: CVE-2024-50154, which corrects the use of timer_pending() in reqsk_queue_unlink() within the tcp/dccp kernel code, and CVE-2025-38086, which resolves uninitialized memory access during mii_nway_restart in the ch9200 network driver. The advisory rates the impact as moderate and provides updated kernel packages for multiple architectures including x86_64, s390x, ppc64le, and aarch64. The update requires a system reboot to apply the fixes.
Potential Impact
The vulnerabilities affect the Linux kernel core components, potentially leading to issues such as use-after-free (CWE-416) and uninitialized memory access (CWE-908). The advisory classifies the security impact as moderate. No known exploits in the wild have been reported. The issues could affect system stability or security if exploited, but no detailed impact scenarios are provided.
Mitigation Recommendations
Red Hat has released updated kernel packages that address these vulnerabilities. Users should apply the kernel update as described in the Red Hat advisory and reboot their systems to activate the fixes. The advisory provides detailed instructions and package links. No alternative mitigations are indicated.
Red Hat Security Advisory: kernel security update
Description
This advisory addresses two moderate severity vulnerabilities in the Linux kernel packages used by Red Hat Enterprise Linux 8. The first vulnerability (CVE-2024-50154) involves improper use of timer_pending() in the tcp/dccp subsystem. The second (CVE-2025-38086) concerns uninitialized access during mii_nway_restart in the ch9200 network driver. These issues are fixed in updated kernel packages that require a system reboot to take effect.
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Red Hat Product Security issued an advisory (RHSA-2025:11455) for a kernel security update affecting Red Hat Enterprise Linux 8. It fixes two vulnerabilities: CVE-2024-50154, which corrects the use of timer_pending() in reqsk_queue_unlink() within the tcp/dccp kernel code, and CVE-2025-38086, which resolves uninitialized memory access during mii_nway_restart in the ch9200 network driver. The advisory rates the impact as moderate and provides updated kernel packages for multiple architectures including x86_64, s390x, ppc64le, and aarch64. The update requires a system reboot to apply the fixes.
Potential Impact
The vulnerabilities affect the Linux kernel core components, potentially leading to issues such as use-after-free (CWE-416) and uninitialized memory access (CWE-908). The advisory classifies the security impact as moderate. No known exploits in the wild have been reported. The issues could affect system stability or security if exploited, but no detailed impact scenarios are provided.
Mitigation Recommendations
Red Hat has released updated kernel packages that address these vulnerabilities. Users should apply the kernel update as described in the Red Hat advisory and reboot their systems to activate the fixes. The advisory provides detailed instructions and package links. No alternative mitigations are indicated.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:11455
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-38086"]
- Cvss Version
- null
Threat ID: 6a3caf134853345fc153dd1f
Added to database: 06/25/2026, 04:31:15 UTC
Last enriched: 06/25/2026, 04:46:48 UTC
Last updated: 06/25/2026, 05:00:48 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.