This Red Hat security advisory addresses nine vulnerabilities in the Linux kernel affecting Red Hat Enterprise Linux 10 and related distributions. The fixes include resolving an uninitialized variable causing kernel oops in CIFS (CVE-2025-38737), implementing a notification handler in CAN J1939 (CVE-2025-39925), multiple use-after-free bugs in Bluetooth components (CVE-2025-39981, CVE-2025-39982, CVE-2025-39983), a use-after-free in mlx5 flow counter release (CVE-2025-39979), pruning wait queue entries in io_uring (CVE-2025-40047), disallowing dirty tracking in iommu/vt-d under incoherent page walks (CVE-2025-40058), and fixing adapter allocation failure handling in the ice driver (CVE-2025-40185). These vulnerabilities are collectively rated as moderate in severity by Red Hat. The advisory references updated kernel packages and requires rebooting affected systems to apply the fixes.

The vulnerabilities fixed by this advisory could lead to kernel crashes (oops), use-after-free conditions, and improper memory handling within the kernel. These issues may affect system stability and security but are rated as moderate in impact by Red Hat. No evidence of active exploitation in the wild has been reported. The affected components include networking protocols (CIFS, CAN J1939), Bluetooth subsystems, device drivers (mlx5, ice), and kernel I/O mechanisms (io_uring, iommu/vt-d).

Red Hat has released updated kernel packages that address all listed vulnerabilities. Users of Red Hat Enterprise Linux 10 and related products should apply the security update as detailed in the Red Hat advisory RHSA-2025:22854. A system reboot is required for the update to take effect. There are no indications that additional mitigations beyond applying the official patch and rebooting are necessary.