Threats Tagged 'cve-2025-38352'

This Red Hat security advisory addresses multiple vulnerabilities in the Linux kernel packages for Red Hat Enterprise Linux 8.6. The issues include race conditions, buffer overflows, use-after-free, and improper memory handling in various kernel subsystems such as huge pages, WiFi drivers, SCSI, POSIX CPU timers, and TIPC. The update fixes these vulnerabilities to improve system security. A system reboot is required to apply the update.

Red Hat has issued a security advisory for multiple vulnerabilities in the Linux kernel packages included in Red Hat Enterprise Linux 9.4 Extended Update Support. The update addresses ten distinct security issues including use-after-free, double free, race conditions, buffer overflows, and speculation side-channel fixes across various kernel subsystems such as networking, Bluetooth, SCSI, and WiFi. The advisory rates the update as important and requires a system reboot after applying the update. Detailed CVE references are provided for each fixed vulnerability.

This advisory addresses two security vulnerabilities in the Red Hat Enterprise Linux 9 kernel live patch module for kernel-5.14.0-570.17.1.el9_6. The first vulnerability (CVE-2025-38052) is a slab-use-after-free read issue in the net/tipc component. The second (CVE-2025-38352) is a race condition in posix-cpu-timers. These issues are fixed by updated kpatch modules that require a system reboot to take effect.

This advisory addresses two security vulnerabilities in the Red Hat Enterprise Linux 8 kernel live patch module for kernel version 4.18.0-553.16.1.el8_10. The first vulnerability (CVE-2025-38052) is a slab-use-after-free read issue in the net/tipc component. The second (CVE-2025-38352) is a race condition in posix-cpu-timers. These issues are fixed by updated kpatch modules that modify the running kernel code without rebooting. A system reboot is required for the update to take effect.

This advisory addresses two security vulnerabilities in the Red Hat Enterprise Linux 9.2 kernel live patch module for kernel-5.14.0-284.79.1.el9_2. The first vulnerability (CVE-2025-38052) is a slab-use-after-free read issue in the net/tipc component. The second (CVE-2025-38352) is a race condition in posix-cpu-timers between handle_posix_cpu_timers() and posix_cpu_timer_del(). These issues are fixed by updated kpatch modules that require a system reboot to take effect.

This advisory addresses two security vulnerabilities in the Red Hat Enterprise Linux 9.4 kernel live patch module for kernel version 5.14.0-427.31.1.el9_4. The first vulnerability (CVE-2025-38052) is a use-after-free issue in the net/tipc component. The second (CVE-2025-38352) is a race condition in the posix-cpu-timers subsystem. These issues are fixed by updated kpatch modules that require a system reboot to take effect.

This advisory addresses two security vulnerabilities in the Red Hat Enterprise Linux 9.0 kernel live patch module for kernel-5.14.0-70.112.1.el9_0. The first is a use-after-free vulnerability in the net/tipc component (CVE-2025-38052), and the second is a race condition in the posix-cpu-timers component (CVE-2025-38352). These issues are fixed by updated kpatch modules that require a system reboot to take effect.

This advisory addresses two security vulnerabilities in the Red Hat Enterprise Linux 8.8 kernel live patch module for kernel-4.18.0-477.67.1.el8_8. The first vulnerability (CVE-2025-38052) is a slab-use-after-free read issue in the net/tipc component. The second (CVE-2025-38352) is a race condition between handle_posix_cpu_timers() and posix_cpu_timer_del() in the posix-cpu-timers subsystem. These issues are fixed by updated kpatch modules provided by Red Hat. A system reboot is required to apply the updates effectively.

This advisory addresses two security vulnerabilities in the Linux kernel 4.18.0-372.118.1.el8_6 used by Red Hat Enterprise Linux 8.6. The vulnerabilities include a use-after-free bug in the TIPC network protocol implementation (CVE-2025-38052) and a race condition in POSIX CPU timers (CVE-2025-38352). These issues are fixed via kernel live patch modules that can be applied without rebooting, though a reboot is required for full effect. The update is rated as important by Red Hat Product Security.