Threats Tagged 'cve-2026-43163'

This Red Hat security advisory addresses multiple vulnerabilities in the Linux kernel packages used by Red Hat Enterprise Linux 8 and related products. The update fixes a range of issues including use-after-free bugs, buffer overflows, denial of service, memory corruption, and validation errors across various kernel subsystems such as Bluetooth, netfilter, ALSA, RDMA, and file systems. The advisory covers 18 CVEs with impacts ranging from potential privilege escalation to denial of service. Red Hat has released patches for these vulnerabilities and recommends applying the update followed by a system reboot to ensure the fixes take effect.

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (CVE-2025-39766) * kernel: scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741) * kernel: libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116) * kernel: libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984) * kernel: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990) * kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state (CVE-2026-23136) * kernel: net/sched: cls_u32: use skb_header_pointer_careful() (CVE-2026-23204) * kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation (CVE-2026-23270) * kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling (CVE-2026-23401) * kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402) * kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() (CVE-2026-31532) * kernel: usbip: validate number_of_packets in usbip_pack_ret_submit() (CVE-2026-31607) * kernel: md/bitmap: fix GPF in write_page caused by resize race (CVE-2026-43163) * kernel: RDMA/umem: Fix double dma_buf_unpin in failure path (CVE-2026-43128) * kernel: "Dirty Frag" is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-43284) * kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-46300) * kernel: Read root-owned files as an unprivileged user (CVE-2026-46333) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: proc: fix UAF in proc_get_inode() (CVE-2025-21999) * kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (CVE-2025-38653) * kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (CVE-2025-39766) * kernel: nbd: defer config unlock in nbd_genl_connect (CVE-2025-68366) * kernel: scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741) * kernel: Linux kernel: Denial of service and memory corruption in RDMA umad (CVE-2026-23243) * kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation (CVE-2026-23270) * kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service (CVE-2026-31419) * kernel: md/bitmap: fix GPF in write_page caused by resize race (CVE-2026-43163) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: proc: fix UAF in proc_get_inode() (CVE-2025-21999) * kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (CVE-2025-38653) * kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (CVE-2025-39766) * kernel: nbd: defer config unlock in nbd_genl_connect (CVE-2025-68366) * kernel: scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741) * kernel: Linux kernel: Denial of service and memory corruption in RDMA umad (CVE-2026-23243) * kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation (CVE-2026-23270) * kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service (CVE-2026-31419) * kernel: md/bitmap: fix GPF in write_page caused by resize race (CVE-2026-43163) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.