Red Hat Security Advisory: kernel security update
This Red Hat security advisory addresses multiple vulnerabilities in the Linux kernel packages for Red Hat Enterprise Linux 9. The update fixes issues including use-after-free bugs, race conditions, buffer overflows, and initialization problems across various kernel subsystems such as BPF, huge pages, networking, WiFi, Bluetooth, I2C, and TLS. The advisory rates the overall security impact as Important and requires a system reboot after applying the update.
AI Analysis
Technical Summary
The advisory covers a set of nine CVEs affecting the Linux kernel in Red Hat Enterprise Linux 9. These include a use-after-free vulnerability in eth_skb_pkt_type() (CVE-2025-21867), a microcode_ctl issue (CVE-2024-28956), race conditions in huge page table management (CVE-2025-38084, CVE-2025-38085), a UDP GSO skb_segment fix (CVE-2025-38124), a WiFi buffer size fix to prevent out-of-bounds reads (CVE-2025-38159), a Bluetooth use-after-free in vhci_flush() (CVE-2025-38250), an I2C initialization fix (CVE-2025-38380), and a TLS socket queue refresh fix (CVE-2025-38471). These vulnerabilities affect core kernel functionality and require patching to prevent potential stability or security issues. The advisory provides updated kernel packages and mandates rebooting the system to apply the fixes.
Potential Impact
The vulnerabilities collectively impact the Linux kernel's stability and security, potentially allowing use-after-free conditions, race conditions, and out-of-bounds memory access. These issues could lead to system crashes, privilege escalation, or information disclosure if exploited. The advisory rates the security impact as Important, indicating a high risk to affected systems if unpatched.
Mitigation Recommendations
An official security update is available from Red Hat for Red Hat Enterprise Linux 9. Users should apply the kernel update provided in advisory RHSA-2025:13962 and reboot their systems to ensure the fixes take effect. Detailed update instructions are available at https://access.redhat.com/articles/11258. No additional mitigations are specified beyond applying the official patch and rebooting.
Technical Details
- GCVE Source: db.gcve.eu
- CSAF Category: csaf_security_advisory
- CSAF Version: 2.0
- Publisher: Red Hat Product Security
- Advisory ID: RHSA-2025:13962
- CVE Count: 9
- Additional CVEs: CVE-2025-21867, CVE-2025-38084, CVE-2025-38085, CVE-2025-38124, CVE-2025-38159, CVE-2025-38250, CVE-2025-38380, CVE-2025-38471
- CVSS Version: null
Threat ID: 6a3da1e54853345fc182dd75
Added to database: 06/25/2026, 21:47:17 UTC
Last enriched: 06/25/2026, 22:33:18 UTC
Last updated: 07/02/2026, 20:51:13 UTC