Threats Tagged 'cve-2025-38000'

This advisory addresses three security vulnerabilities in the Linux kernel's sch_hfsc and net/sched components affecting Red Hat Enterprise Linux 7.7. The issues include a queue length accounting bug, a non-idempotent notification function, and missing notifications when a child class becomes empty. These flaws have been rated with an Important security impact by Red Hat. A kernel update is available to fix these vulnerabilities, and a system reboot is required to apply the update.

This advisory addresses multiple security vulnerabilities in the Red Hat Enterprise Linux kernel live patch module kpatch-patch-5_14_0-570_17_1, targeted for kernel-5.14.0-570.17.1.el9_6. The fixes include a use-after-free vulnerability in the net_sched hfsc class with netem as child qdisc, reentrant enqueue issues, queue length accounting bugs, notification handling when child classes become empty, and an initialization issue in the i2c/designware driver. The update requires a system reboot to take effect and is rated as having an important security impact by Red Hat. No CVSS scores are provided in the advisory.

This Red Hat security advisory addresses multiple vulnerabilities in the kernel live patch module targeted for kernel-5.14.0-284.104.1.el9_2. The fixes include a use-after-free vulnerability in the net_sched hfsc class with netem as child qdisc, reentrant enqueue issues, queue length accounting bugs, notification handling when child classes become empty, and an initialization issue in the i2c/designware driver. The update requires a system reboot to take effect and is rated as important by Red Hat Product Security.

Multiple security vulnerabilities affecting the Red Hat Enterprise Linux 9.4 kernel live patch module for kernel-5.14.0-427.44.1.el9_4 have been addressed. These include use-after-free and reentrancy issues in the net_sched hfsc subsystem, a queue length accounting bug, notification handling when child classes become empty, and an initialization issue in the i2c/designware driver. The update requires a system reboot to take effect and is rated as important by Red Hat Product Security.

This Red Hat security advisory addresses multiple vulnerabilities in the kernel live patch module for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, specifically targeting kernel-5.14.0-70.124.1.el9_0. The update fixes a use-after-free vulnerability in the net_sched hfsc class with netem as child qdisc (CVE-2025-37890), reentrant enqueue issues, queue length accounting bugs, notification handling when child classes become empty, and an initialization issue in the i2c/designware driver. The update requires a system reboot to take effect.

A set of security vulnerabilities affecting the Red Hat Enterprise Linux 8 kernel live patch module for kernel-4.18.0-553.16.1.el8_10 has been addressed. The issues include a use-after-free (UAF) vulnerability in the net_sched hfsc class with netem as child qdisc, reentrant enqueue problems, queue length accounting bugs, notification handling flaws, and an initialization issue in the i2c/designware driver. These vulnerabilities are fixed by updated kpatch-patch modules that require a system reboot to take effect.

This advisory addresses multiple security vulnerabilities in the Red Hat Enterprise Linux 8.8 kernel live patch module for kernel-4.18.0-477.67.1.el8_8. The vulnerabilities include a use-after-free (UAF) issue in the net_sched hfsc class with netem as a child qdisc, reentrant enqueue problems, queue length accounting bugs, notification handling flaws, and an initialization issue in the i2c/designware driver. These issues are fixed by updated kpatch modules that require a system reboot to take effect.

This security advisory from Red Hat addresses multiple vulnerabilities in the kernel live patch module for kernel version 4.18.0-372.118.1.el8_6. The fixes include a use-after-free vulnerability in the net_sched hfsc class with netem as child qdisc, reentrant enqueue issues, queue length accounting bugs, notification handling when child classes become empty, and an initialization issue in the i2c/designware driver. The update requires a system reboot to take effect and targets Red Hat Enterprise Linux 8.6 variants.