Red Hat issued a security advisory for kernel live patch modules targeting kernel-4.18.0-372.118.1.el8_6 to fix two vulnerabilities: CVE-2025-38052, a slab-use-after-free read in the tipc_aead_encrypt_done function of the TIPC networking stack, and CVE-2025-38352, a race condition between handle_posix_cpu_timers() and posix_cpu_timer_del() in POSIX CPU timers. These vulnerabilities could lead to memory corruption and race condition issues within the kernel. The advisory provides updated kpatch modules to remediate these flaws, requiring a system reboot to fully apply the fixes. The update is classified as important by Red Hat and affects Red Hat Enterprise Linux 8.6 variants including Extended Update Support and Update Services for SAP Solutions on x86_64 and ppc64le architectures.

The use-after-free vulnerability (CVE-2025-38052) in the TIPC network code may allow an attacker to cause memory corruption, potentially leading to system instability or privilege escalation. The race condition (CVE-2025-38352) in POSIX CPU timers could result in improper timer handling, potentially causing unexpected behavior or denial of service. Both issues affect kernel stability and security, warranting prompt remediation. No known exploits in the wild have been reported at this time.

Red Hat has released updated kernel live patch modules (kpatch-patch-4_18_0-372_118_1 and subsequent versions) that fix these vulnerabilities. Applying these patches and rebooting the system is required to fully remediate the issues. Refer to Red Hat's official update guide at https://access.redhat.com/articles/11258 for detailed patch application instructions. No alternative mitigations or workarounds are specified. Systems should be updated promptly to reduce risk.