This Red Hat security advisory (RHSA-2025:9080) addresses seven vulnerabilities in the Linux kernel packages for Red Hat Enterprise Linux 9 and related distributions. The fixes include: correcting truesize handling in the bnxt ethernet driver (CVE-2025-21961), resolving a slab-use-after-free read in Bluetooth L2CAP command sending (CVE-2025-21969), fixing an integer overflow in CIFS mount option processing (CVE-2025-21963), cancelling wiphy work before freeing wifi device structures (CVE-2025-21979), fixing use-after-free in proc_get_inode() (CVE-2025-21999), correcting a use-after-free while iterating mddev lists (CVE-2025-22126), and fixing use-after-free in SMB client decryption with multichannel (CVE-2025-37750). These vulnerabilities affect kernel subsystems critical to networking, filesystem, and device management. The advisory instructs users to apply the update and reboot to mitigate these issues.

The vulnerabilities impact the Linux kernel core components, potentially leading to memory corruption issues such as use-after-free and integer overflow. These flaws could affect system stability, security, and confidentiality by enabling unintended behavior in kernel subsystems including networking drivers, Bluetooth, CIFS filesystem, proc filesystem, MD device management, and SMB client. The vendor rates the overall security impact as Important (high severity). There are no known exploits in the wild at the time of this advisory.

Red Hat has released an official security update for the Linux kernel packages addressing these vulnerabilities. Users of Red Hat Enterprise Linux 9 and related variants should apply the kernel update as provided in advisory RHSA-2025:9080. A system reboot is required for the update to take effect. Refer to https://access.redhat.com/articles/11258 for detailed update instructions. No additional mitigation steps are indicated by the vendor.