RHSA-2026:3110
Vulnerability from csaf_redhat - Published: 2026-02-23 17:45 - Updated: 2026-03-13 18:12Summary
Red Hat Security Advisory: kernel-rt security update
Notes
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: page_pool: Fix use-after-free in page_pool_recycle_in_ring (CVE-2025-38129)
* kernel: Linux kernel:A use-after-free in bridge multicast in br_multicast_port_ctx_init (CVE-2025-38248)
* kernel: smc: Fix use-after-free in __pnet_find_base_ndev() (CVE-2025-40064)
* kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800)
* kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation (CVE-2026-23074)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: page_pool: Fix use-after-free in page_pool_recycle_in_ring (CVE-2025-38129)\n\n* kernel: Linux kernel:A use-after-free in bridge multicast in br_multicast_port_ctx_init (CVE-2025-38248)\n\n* kernel: smc: Fix use-after-free in __pnet_find_base_ndev() (CVE-2025-40064)\n\n* kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800)\n\n* kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation (CVE-2026-23074)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3110",
"url": "https://access.redhat.com/errata/RHSA-2026:3110"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2376034",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376034"
},
{
"category": "external",
"summary": "2378981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378981"
},
{
"category": "external",
"summary": "2406747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406747"
},
{
"category": "external",
"summary": "2429065",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429065"
},
{
"category": "external",
"summary": "2436791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436791"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3110.json"
}
],
"title": "Red Hat Security Advisory: kernel-rt security update",
"tracking": {
"current_release_date": "2026-03-13T18:12:42+00:00",
"generator": {
"date": "2026-03-13T18:12:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:3110",
"initial_release_date": "2026-02-23T17:45:43+00:00",
"revision_history": [
{
"date": "2026-02-23T17:45:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-23T17:45:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-13T18:12:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux NFV (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::nfv"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux RT (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::realtime"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"product": {
"name": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"product_id": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@4.18.0-553.107.1.rt7.448.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-core@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-core@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-kvm@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-modules-extra@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@4.18.0-553.107.1.rt7.448.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src"
},
"product_reference": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux NFV (v. 8)",
"product_id": "NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "NFV-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src"
},
"product_reference": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64 as a component of Red Hat Enterprise Linux RT (v. 8)",
"product_id": "RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
},
"product_reference": "kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"relates_to_product_reference": "RT-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-38129",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-07-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2376034"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel. This vulnerability, known as a use-after-free (UAF), occurs in the `page_pool_recycle_in_ring` function. A local attacker could exploit this by manipulating the system\u0027s memory management, causing a freed memory region to be improperly accessed. This can lead to system instability, unauthorized access to sensitive information, or potentially allow an attacker to execute malicious code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38129"
},
{
"category": "external",
"summary": "RHBZ#2376034",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376034"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38129",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38129"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38129",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38129"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025070330-CVE-2025-38129-3c0e@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025070330-CVE-2025-38129-3c0e@gregkh/T"
}
],
"release_date": "2025-07-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:45:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3110"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution"
},
{
"cve": "CVE-2025-38248",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-07-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2378981"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u0027s bridge multicast functionality. A local user could trigger a use-after-free vulnerability, a type of memory corruption, by improperly configuring network bridge router ports. This issue arises because the system fails to correctly remove ports from its internal router port lists, leading to references to freed memory. Exploiting this flaw could result in system instability, denial of service, or potentially allow for privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel:A use-after-free in bridge multicast in br_multicast_port_ctx_init",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-38248"
},
{
"category": "external",
"summary": "RHBZ#2378981",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2378981"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-38248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38248"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38248",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38248"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025070934-CVE-2025-38248-003c@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025070934-CVE-2025-38248-003c@gregkh/T"
}
],
"release_date": "2025-07-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:45:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3110"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Linux kernel:A use-after-free in bridge multicast in br_multicast_port_ctx_init"
},
{
"cve": "CVE-2025-40064",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-10-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406747"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmc: Fix use-after-free in __pnet_find_base_ndev().\n\nsyzbot reported use-after-free of net_device in __pnet_find_base_ndev(),\nwhich was called during connect(). [0]\n\nsmc_pnet_find_ism_resource() fetches sk_dst_get(sk)-\u003edev and passes\ndown to pnet_find_base_ndev(), where RTNL is held. Then, UAF happened\nat __pnet_find_base_ndev() when the dev is first used.\n\nThis means dev had already been freed before acquiring RTNL in\npnet_find_base_ndev().\n\nWhile dev is going away, dst-\u003edev could be swapped with blackhole_netdev,\nand the dev\u0027s refcnt by dst will be released.\n\nWe must hold dev\u0027s refcnt before calling smc_pnet_find_ism_resource().\n\nAlso, smc_pnet_find_roce_resource() has the same problem.\n\nLet\u0027s use __sk_dst_get() and dst_dev_rcu() in the two functions.\n\n[0]:\nBUG: KASAN: use-after-free in __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926\nRead of size 1 at addr ffff888036bac33a by task syz.0.3632/18609\n\nCPU: 1 UID: 0 PID: 18609 Comm: syz.0.3632 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n __pnet_find_base_ndev+0x1b1/0x1c0 net/smc/smc_pnet.c:926\n pnet_find_base_ndev net/smc/smc_pnet.c:946 [inline]\n smc_pnet_find_ism_by_pnetid net/smc/smc_pnet.c:1103 [inline]\n smc_pnet_find_ism_resource+0xef/0x390 net/smc/smc_pnet.c:1154\n smc_find_ism_device net/smc/af_smc.c:1030 [inline]\n smc_find_proposal_devices net/smc/af_smc.c:1115 [inline]\n __smc_connect+0x372/0x1890 net/smc/af_smc.c:1545\n smc_connect+0x877/0xd90 net/smc/af_smc.c:1715\n __sys_connect_file net/socket.c:2086 [inline]\n __sys_connect+0x313/0x440 net/socket.c:2105\n __do_sys_connect net/socket.c:2111 [inline]\n __se_sys_connect net/socket.c:2108 [inline]\n __x64_sys_connect+0x7a/0x90 net/socket.c:2108\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f47cbf8eba9\nCode: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f47ccdb1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 00007f47cc1d5fa0 RCX: 00007f47cbf8eba9\nRDX: 0000000000000010 RSI: 0000200000000280 RDI: 000000000000000b\nRBP: 00007f47cc011e19 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007f47cc1d6038 R14: 00007f47cc1d5fa0 R15: 00007ffc512f8aa8\n \u003c/TASK\u003e\n\nThe buggy address belongs to the physical page:\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888036bacd00 pfn:0x36bac\nflags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000000000 ffffea0001243d08 ffff8880b863fdc0 0000000000000000\nraw: ffff888036bacd00 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner tracks the page as freed\npage last allocated via order 2, migratetype Unmovable, gfp_mask 0x446dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP), pid 16741, tgid 16741 (syz-executor), ts 343313197788, free_ts 380670750466\n set_page_owner include/linux/page_owner.h:32 [inline]\n post_alloc_hook+0x240/0x2a0 mm/page_alloc.c:1851\n prep_new_page mm/page_alloc.c:1859 [inline]\n get_page_from_freelist+0x21e4/0x22c0 mm/page_alloc.c:3858\n __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5148\n alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2416\n ___kmalloc_large_node+0x5f/0x1b0 mm/slub.c:4317\n __kmalloc_large_node_noprof+0x18/0x90 mm/slub.c:4348\n __do_kmalloc_node mm/slub.c:4364 [inline]\n __kvmalloc_node\n---truncated---",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: smc: Fix use-after-free in __pnet_find_base_ndev()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40064"
},
{
"category": "external",
"summary": "RHBZ#2406747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406747"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40064",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40064"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40064",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40064"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2025102817-CVE-2025-40064-0c16@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2025102817-CVE-2025-40064-0c16@gregkh/T"
}
],
"release_date": "2025-10-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:45:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3110"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: smc: Fix use-after-free in __pnet_find_base_ndev()"
},
{
"cve": "CVE-2025-68800",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-01-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429065"
}
],
"notes": [
{
"category": "description",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats\n\nCited commit added a dedicated mutex (instead of RTNL) to protect the\nmulticast route list, so that it will not change while the driver\nperiodically traverses it in order to update the kernel about multicast\nroute stats that were queried from the device.\n\nOne instance of list entry deletion (during route replace) was missed\nand it can result in a use-after-free [1].\n\nFix by acquiring the mutex before deleting the entry from the list and\nreleasing it afterwards.\n\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_mr_stats_update+0x4a5/0x540 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c:1006 [mlxsw_spectrum]\nRead of size 8 at addr ffff8881523c2fa8 by task kworker/2:5/22043\n\nCPU: 2 UID: 0 PID: 22043 Comm: kworker/2:5 Not tainted 6.18.0-rc1-custom-g1a3d6d7cd014 #1 PREEMPT(full)\nHardware name: Mellanox Technologies Ltd. MSN2010/SA002610, BIOS 5.6.5 08/24/2017\nWorkqueue: mlxsw_core mlxsw_sp_mr_stats_update [mlxsw_spectrum]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xba/0x110\n print_report+0x174/0x4f5\n kasan_report+0xdf/0x110\n mlxsw_sp_mr_stats_update+0x4a5/0x540 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c:1006 [mlxsw_spectrum]\n process_one_work+0x9cc/0x18e0\n worker_thread+0x5df/0xe40\n kthread+0x3b8/0x730\n ret_from_fork+0x3e9/0x560\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 29933:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n mlxsw_sp_mr_route_add+0xd8/0x4770 [mlxsw_spectrum]\n mlxsw_sp_router_fibmr_event_work+0x371/0xad0 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:7965 [mlxsw_spectrum]\n process_one_work+0x9cc/0x18e0\n worker_thread+0x5df/0xe40\n kthread+0x3b8/0x730\n ret_from_fork+0x3e9/0x560\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 29933:\n kasan_save_stack+0x30/0x50\n kasan_save_track+0x14/0x30\n __kasan_save_free_info+0x3b/0x70\n __kasan_slab_free+0x43/0x70\n kfree+0x14e/0x700\n mlxsw_sp_mr_route_add+0x2dea/0x4770 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c:444 [mlxsw_spectrum]\n mlxsw_sp_router_fibmr_event_work+0x371/0xad0 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:7965 [mlxsw_spectrum]\n process_one_work+0x9cc/0x18e0\n worker_thread+0x5df/0xe40\n kthread+0x3b8/0x730\n ret_from_fork+0x3e9/0x560\n ret_from_fork_asm+0x1a/0x30",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A use-after-free exists in mlxsw_spectrum multicast routing when a route entry is deleted from the multicast route list without holding route_list_lock, while the periodic stats worker traverses the same list. A privileged attacker who can manipulate multicast routes on a host using mlxsw Spectrum hardware can trigger the race to crash the kernel and potentially corrupt memory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68800"
},
{
"category": "external",
"summary": "RHBZ#2429065",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429065"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68800",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68800"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68800",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68800"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2026011307-CVE-2025-68800-39d2@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2026011307-CVE-2025-68800-39d2@gregkh/T"
}
],
"release_date": "2026-01-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:45:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3110"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats"
},
{
"cve": "CVE-2026-23074",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-02-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436791"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u0027s networking component. A local attacker with low privileges could exploit a design issue in the teql queueing discipline, which is responsible for managing network traffic. By sending specially crafted network packets, an attacker could trigger a use-after-free (UAF) vulnerability, which is a type of memory corruption. This could lead to a system crash, or potentially allow the attacker to execute unauthorized code or gain elevated system access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23074"
},
{
"category": "external",
"summary": "RHBZ#2436791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23074"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/2026020419-CVE-2026-23074-6bb8@gregkh/T",
"url": "https://lore.kernel.org/linux-cve-announce/2026020419-CVE-2026-23074-6bb8@gregkh/T"
}
],
"release_date": "2026-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:45:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3110"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"NFV-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.src",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-core-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debug-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-debuginfo-common-x86_64-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-devel-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-kvm-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64",
"RT-8.10.0.Z.MAIN.EUS:kernel-rt-modules-extra-0:4.18.0-553.107.1.rt7.448.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: Linux kernel: Use-after-free in teql queueing discipline can lead to privilege escalation"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…