Threat Intelligence Database

Multiple use-after-free vulnerabilities have been identified in the Linux kernel packages used by Red Hat Enterprise Linux 8. These vulnerabilities affect components such as page_pool, bridge multicast, smc, mlxsw spectrum_mr, and the teql queueing discipline. One of these issues (CVE-2026-23074) can lead to privilege escalation. Red Hat has issued a security advisory (RHSA-2026:3083) addressing these vulnerabilities with an important kernel update. Systems must be rebooted after applying the update for the fixes to take effect.

This advisory addresses multiple moderate severity vulnerabilities in the Linux kernel packages used by Red Hat Enterprise Linux 10. The issues include a double free vulnerability in the exFAT filesystem (CVE-2025-38206), a potential double free in the DRM scheduler (CVE-2025-40096), a fix in the SMC module for socket destination handling (CVE-2025-40168), and a use-after-free in the mlxsw multicast route stats update (CVE-2025-68800). These vulnerabilities can lead to denial of service or memory corruption. Red Hat has released security updates that fix these issues, and a system reboot is required to apply the updates. The advisory covers multiple architectures and product variants of Red Hat Enterprise Linux 10.

Red Hat has released a moderate severity security advisory addressing two vulnerabilities in the Linux kernel packages for Red Hat Enterprise Linux 9. The first vulnerability (CVE-2025-39818) involves incorrect pointer arithmetic in the intel-thc HID driver. The second (CVE-2025-68800) is a use-after-free flaw in the mlxsw spectrum_mr component affecting multicast route statistics. These issues are fixed in updated kernel packages, and a system reboot is required to apply the updates.

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: net: openvswitch: fix nested key length validation in the set() action (CVE-2025-37789) * kernel: Linux kernel: irqchip/gic-v2m use-after-free vulnerability (CVE-2025-37819) * kernel: RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem (CVE-2025-38022) * kernel: Linux kernel: RDMA/rxe use-after-free vulnerability leading to potential arbitrary code execution (CVE-2025-38024) * kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation (CVE-2025-38415) * kernel: vsock/vmci: Clear the vmci transport packet properly when initializing it (CVE-2025-38403) * kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion (CVE-2025-38459) * kernel: Linux kernel: Data corruption and system instability due to improper io_uring/net buffer handling (CVE-2025-38730) * kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing (CVE-2025-39760) * kernel: net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170) * kernel: ipv6: use RCU in ip6_xmit() (CVE-2025-40135) * kernel: Bluetooth: ISO: Fix possible UAF on iso_conn_free (CVE-2025-40141) * kernel: ipv6: use RCU in ip6_output() (CVE-2025-40158) * kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service. (CVE-2025-40271) * kernel: Linux kernel ALSA USB audio driver: Buffer overflow leading to information disclosure and denial of service (CVE-2025-40269) * kernel: Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (CVE-2025-40318) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: net: openvswitch: Avoid releasing netdev before teardown completes (CVE-2026-31508) * kernel: netfilter: xt_tcpmss: check remaining length before reading optlen (CVE-2026-43190) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.20.25. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHBA-2026:25192 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/ Security Fix(es): * kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (CVE-2026-43037) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.20 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: can: j1939: j1939_session_new(): fix skb reference counting (CVE-2024-56645) * kernel: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (CVE-2025-40096) * kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800) * kernel: macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat has issued a moderate severity security advisory for the Linux kernel in Red Hat Enterprise Linux 10. The update addresses two vulnerabilities: a use-after-free flaw in nf_tables_addchain() (CVE-2026-23231) and a double free vulnerability in the qla2xxx driver (CVE-2025-71238). Both vulnerabilities could lead to privilege escalation or denial of service. The update requires a system reboot to take effect.

This Red Hat security advisory addresses multiple vulnerabilities in the Linux kernel packages for Red Hat Enterprise Linux 8. The issues include race conditions, use-after-free, and double free vulnerabilities affecting various kernel components such as nouveau, iscsi target, nf_tables, and qla2xxx drivers. These vulnerabilities can lead to privilege escalation or denial of service. The update is rated as having a moderate security impact. Systems must be updated and rebooted to apply the fixes.

This Red Hat security advisory addresses multiple vulnerabilities in the Linux kernel packages for Red Hat Enterprise Linux 10.0 Extended Update Support. The issues include a local denial of service and memory leak in DAMON sysfs (CVE-2026-23144), a use-after-free vulnerability in the bonding module that may cause system crashes or arbitrary code execution (CVE-2026-23171), a kernel network scheduler fix (CVE-2026-23204), and a double free vulnerability in the qla2xxx driver that can lead to denial of service and potential privilege escalation (CVE-2025-71238). The update is rated as having moderate security impact and requires a system reboot after installation. The advisory provides updated kernel packages to remediate these issues.