
Threats Tagged 'cve-2025-71238'


Red Hat Security Advisory: kernel-rt security update (CVE-2024-26984)

Red Hat has issued a security advisory for the kernel-rt packages, which provide the Real Time Linux Kernel for systems requiring high determinism. The update addresses four vulnerabilities: a race condition in nouveau (CVE-2024-26984), a use-after-free in iscsi target code (CVE-2026-23193), a use-after-free in nf_tables_addchain() that can lead to privilege escalation or denial of service (CVE-2026-23231), and a double free vulnerability in the qla2xxx driver causing denial of service and potential privilege escalation (CVE-2025-71238). These vulnerabilities have a moderate security impact. The advisory includes updated packages for affected Red Hat Enterprise Linux 8 Real Time variants. Systems must be rebooted after applying the update for the fixes to take effect.

Red Hat Security Advisory: kernel security update (CVE-2025-38180)

Multiple use-after-free and double free vulnerabilities have been identified in the Linux kernel packages used by Red Hat Enterprise Linux 8.8 and related variants. These vulnerabilities affect various kernel subsystems including ATM, bridge multicast, SMC, macvlan, and qla2xxx drivers. The issues could lead to denial of service and potential privilege escalation. Red Hat has issued a security advisory (RHSA-2026:6954) addressing these vulnerabilities with updated kernel packages. A system reboot is required after applying the update for the fixes to take effect. The update is rated with a moderate security impact by Red Hat.

Red Hat Security Advisory: kernel security update (CVE-2025-71238)

This advisory addresses two vulnerabilities in the Linux kernel packages for Red Hat Enterprise Linux 10. The first is a use-after-free vulnerability in nf_tables_addchain() (CVE-2026-23231) that can lead to privilege escalation or denial of service. The second is a double free vulnerability in the qla2xxx driver (CVE-2025-71238) that can also cause denial of service and potential privilege escalation. Red Hat has released updated kernel packages to fix these issues. A system reboot is required to apply the updates. The security impact is rated as moderate by Red Hat.

Red Hat Security Advisory: kernel security update (CVE-2024-26984)

Red Hat has issued a moderate severity security advisory for multiple vulnerabilities in the Linux kernel packages used in Red Hat Enterprise Linux 8 and related products. The update addresses four vulnerabilities including race conditions, use-after-free, and double free bugs that could lead to denial of service or privilege escalation. The affected components include nouveau, iscsi target, nf_tables, and qla2xxx kernel modules. A system reboot is required after applying the update for the fixes to take effect.

Red Hat Security Advisory: kernel security update (CVE-2025-71238)

This Red Hat security advisory addresses multiple vulnerabilities in the Linux kernel packages for Red Hat Enterprise Linux 10.0 Extended Update Support and related products. The issues include a local denial of service and memory leak in DAMON sysfs (CVE-2026-23144), a use-after-free vulnerability in the bonding module that can cause system crashes or arbitrary code execution (CVE-2026-23171), a kernel network scheduler issue (CVE-2026-23204), and a double free vulnerability in the qla2xxx driver that can lead to denial of service and potential privilege escalation (CVE-2025-71238). Red Hat has released updated kernel packages that fix these vulnerabilities. A system reboot is required to apply the update. The advisory rates the overall security impact as moderate. No known exploits in the wild have been reported at this time.

Red Hat Security Advisory: kernel security update (CVE-2025-71238)

This Red Hat security advisory addresses multiple vulnerabilities in the Linux kernel packages for Red Hat Enterprise Linux 8.6. The issues include a denial of service caused by a deadlock in hugetlb folio migration (CVE-2026-23097), a use-after-free vulnerability in the iSCSI target code (CVE-2026-23193), a double free vulnerability in the qla2xxx driver that can lead to denial of service and potential privilege escalation (CVE-2025-71238), and a heap overflow in the NFSv4.0 LOCK replay cache (CVE-2026-31402). Red Hat has released updated kernel packages to address these vulnerabilities, and a system reboot is required to apply the fixes. The advisory rates the update as important and the severity of the double free vulnerability as high. No known exploits in the wild have been reported at this time.

Red Hat Security Advisory: kernel security update (CVE-2025-71238)

A security advisory from Red Hat addresses multiple vulnerabilities in the Linux kernel packages used in Red Hat Enterprise Linux 9.4 Extended Update Support and related products. The vulnerabilities include a double free in the qla2xxx driver (CVE-2025-71238) that can lead to denial of service and potential privilege escalation, privilege escalation or denial of service in KVM due to improper shadow page table handling (CVE-2026-23401), and several use-after-free and race condition issues in kernel components such as ALSA aloop, crypto algif_aead, and CAN raw sockets. These issues are rated as important by Red Hat and require applying the provided kernel update and rebooting the system. No known exploits in the wild have been reported. The advisory covers multiple architectures and product variants of Red Hat Enterprise Linux 9.4 EUS.

Red Hat Security Advisory: kernel security update (CVE-2025-71238)

This Red Hat security advisory addresses multiple vulnerabilities in the Linux kernel packages for Red Hat Enterprise Linux 8.4. The issues include a double free vulnerability in the qla2xxx driver (CVE-2025-71238) that can lead to denial of service and potential privilege escalation, a use-after-free in the iSCSI target code (CVE-2026-23193), a heap overflow in the NFSv4.0 LOCK replay cache (CVE-2026-31402), and a cryptographic algorithm interface regression (CVE-2026-31431). These vulnerabilities affect the core Linux kernel components and have been rated with an overall security impact of Important by Red Hat. A kernel update is available that addresses these issues, and a system reboot is required to apply the fixes.

Red Hat Security Advisory: kernel-rt security update (CVE-2025-21999)

This Red Hat security advisory addresses multiple vulnerabilities in the kernel-rt packages, which provide the Real Time Linux Kernel for systems requiring high determinism. The update fixes use-after-free, double free, denial of service, memory corruption, and local privilege escalation vulnerabilities across various kernel components including proc, qla2xxx, RDMA umad, KVM, CAN raw sockets, ESP/XFRM, and file access controls. The advisory rates the security impact as Important and affects Red Hat Enterprise Linux 9.2 Real Time variants. A system reboot is required after applying the update for the fixes to take effect.
