Red Hat Security Advisory: kpatch-patch-4_18_0-372_118_1, kpatch-patch-4_18_0-372_131_1, kpatch-patch-4_18_0-372_137_1, and kpatch-patch-4_18_0-372_145_1 security update
This security advisory from Red Hat addresses multiple vulnerabilities in the kernel live patch module for kernel version 4.18.0-372.118.1.el8_6. The fixes include a use-after-free vulnerability in the net_sched hfsc class with netem as child qdisc, reentrant enqueue issues, queue length accounting bugs, notification handling when child classes become empty, and an initialization issue in the i2c/designware driver. The update requires a system reboot to take effect and targets Red Hat Enterprise Linux 8.6 variants.
AI Analysis
Technical Summary
The advisory covers security fixes for the kpatch live patch module targeting kernel-4.18.0-372.118.1.el8_6 in Red Hat Enterprise Linux 8.6. It addresses five CVEs: CVE-2025-37890 (use-after-free in net_sched hfsc class with netem child qdisc), CVE-2025-38001 (reentrant enqueue adding class to eltree twice), CVE-2025-38000 (queue length accounting bug in hfsc_enqueue), CVE-2025-38350 (notification passing when child class becomes empty), and CVE-2025-38380 (initialization issue in i2c/designware). These vulnerabilities affect kernel scheduling and device initialization components. The advisory provides updated kpatch-patch packages and requires rebooting the system to apply the fixes.
Potential Impact
The vulnerabilities include a use-after-free condition and logic errors in kernel scheduling components that could lead to instability or potential privilege escalation if exploited. The initialization issue in the i2c/designware driver may affect device operation. The overall security impact is rated as Important by Red Hat, indicating significant risk if unpatched. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Red Hat has released updated kpatch-patch packages for the affected kernel version 4.18.0-372.118.1.el8_6. Users should apply these updates as provided by Red Hat and reboot their systems to ensure the patches take effect. For detailed update instructions, refer to https://access.redhat.com/articles/11258. No additional mitigations are indicated by the vendor advisory.
Red Hat Security Advisory: kpatch-patch-4_18_0-372_118_1, kpatch-patch-4_18_0-372_131_1, kpatch-patch-4_18_0-372_137_1, and kpatch-patch-4_18_0-372_145_1 security update
Description
This security advisory from Red Hat addresses multiple vulnerabilities in the kernel live patch module for kernel version 4.18.0-372.118.1.el8_6. The fixes include a use-after-free vulnerability in the net_sched hfsc class with netem as child qdisc, reentrant enqueue issues, queue length accounting bugs, notification handling when child classes become empty, and an initialization issue in the i2c/designware driver. The update requires a system reboot to take effect and targets Red Hat Enterprise Linux 8.6 variants.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The advisory covers security fixes for the kpatch live patch module targeting kernel-4.18.0-372.118.1.el8_6 in Red Hat Enterprise Linux 8.6. It addresses five CVEs: CVE-2025-37890 (use-after-free in net_sched hfsc class with netem child qdisc), CVE-2025-38001 (reentrant enqueue adding class to eltree twice), CVE-2025-38000 (queue length accounting bug in hfsc_enqueue), CVE-2025-38350 (notification passing when child class becomes empty), and CVE-2025-38380 (initialization issue in i2c/designware). These vulnerabilities affect kernel scheduling and device initialization components. The advisory provides updated kpatch-patch packages and requires rebooting the system to apply the fixes.
Potential Impact
The vulnerabilities include a use-after-free condition and logic errors in kernel scheduling components that could lead to instability or potential privilege escalation if exploited. The initialization issue in the i2c/designware driver may affect device operation. The overall security impact is rated as Important by Red Hat, indicating significant risk if unpatched. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Red Hat has released updated kpatch-patch packages for the affected kernel version 4.18.0-372.118.1.el8_6. Users should apply these updates as provided by Red Hat and reboot their systems to ensure the patches take effect. For detailed update instructions, refer to https://access.redhat.com/articles/11258. No additional mitigations are indicated by the vendor advisory.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:16580
- Cve Count
- 5
- Additional Cves
- ["CVE-2025-38000","CVE-2025-38001","CVE-2025-38350","CVE-2025-38380"]
- Cvss Version
- null
Threat ID: 6a3caf104853345fc153cae8
Added to database: 06/25/2026, 04:31:12 UTC
Last enriched: 06/25/2026, 05:01:08 UTC
Last updated: 06/25/2026, 05:20:49 UTC
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.