Vulnerability-Lookup

RHSA-2026:4244

Vulnerability from csaf_redhat - Published: 2026-03-11 00:12 - Updated: 2026-03-12 19:08

Summary

Red Hat Security Advisory: kernel-rt security update

Notes

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: Linux kernel: xHCI driver isochronous event handling race condition leading to data loss or UAF (CVE-2025-37882) * kernel: page_pool: Fix use-after-free in page_pool_recycle_in_ring (CVE-2025-38129) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: Linux kernel: xHCI driver isochronous event handling race condition leading to data loss or UAF (CVE-2025-37882)\n\n* kernel: page_pool: Fix use-after-free in page_pool_recycle_in_ring (CVE-2025-38129)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:4244",
        "url": "https://access.redhat.com/errata/RHSA-2026:4244"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2365250",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365250"
      },
      {
        "category": "external",
        "summary": "2376034",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376034"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4244.json"
      }
    ],
    "title": "Red Hat Security Advisory: kernel-rt security update",
    "tracking": {
      "current_release_date": "2026-03-12T19:08:32+00:00",
      "generator": {
        "date": "2026-03-12T19:08:32+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.3"
        }
      },
      "id": "RHSA-2026:4244",
      "initial_release_date": "2026-03-11T00:12:55+00:00",
      "revision_history": [
        {
          "date": "2026-03-11T00:12:55+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-03-11T00:12:55+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-12T19:08:32+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux NFV E4S (v.9.0)",
                "product": {
                  "name": "Red Hat Enterprise Linux NFV E4S (v.9.0)",
                  "product_id": "NFV-9.0.0.Z.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_e4s:9.0::nfv"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Real Time E4S (v.9.0)",
                "product": {
                  "name": "Red Hat Enterprise Linux Real Time E4S (v.9.0)",
                  "product_id": "RT-9.0.0.Z.E4S",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_e4s:9.0::realtime"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.src",
                "product": {
                  "name": "kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.src",
                  "product_id": "kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@5.14.0-70.169.1.rt21.241.el9_0?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_id": "kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt@5.14.0-70.169.1.rt21.241.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_id": "kernel-rt-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-core@5.14.0-70.169.1.rt21.241.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-debug-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_id": "kernel-rt-debug-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug@5.14.0-70.169.1.rt21.241.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-debug-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_id": "kernel-rt-debug-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-core@5.14.0-70.169.1.rt21.241.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-debug-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_id": "kernel-rt-debug-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-devel@5.14.0-70.169.1.rt21.241.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-debug-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_id": "kernel-rt-debug-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-kvm@5.14.0-70.169.1.rt21.241.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-debug-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_id": "kernel-rt-debug-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-modules@5.14.0-70.169.1.rt21.241.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-debug-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_id": "kernel-rt-debug-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-modules-extra@5.14.0-70.169.1.rt21.241.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_id": "kernel-rt-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-devel@5.14.0-70.169.1.rt21.241.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_id": "kernel-rt-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-kvm@5.14.0-70.169.1.rt21.241.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_id": "kernel-rt-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-modules@5.14.0-70.169.1.rt21.241.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_id": "kernel-rt-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-modules-extra@5.14.0-70.169.1.rt21.241.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debug-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-debug-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_id": "kernel-rt-debug-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@5.14.0-70.169.1.rt21.241.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_id": "kernel-rt-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo@5.14.0-70.169.1.rt21.241.el9_0?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                "product": {
                  "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_id": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@5.14.0-70.169.1.rt21.241.el9_0?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.src as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.src"
        },
        "product_reference": "kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.src",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux NFV E4S (v.9.0)",
          "product_id": "NFV-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "NFV-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.src as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.src"
        },
        "product_reference": "kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.src",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debug-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debug-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64 as a component of Red Hat Enterprise Linux Real Time E4S (v.9.0)",
          "product_id": "RT-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        },
        "product_reference": "kernel-rt-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
        "relates_to_product_reference": "RT-9.0.0.Z.E4S"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-37882",
      "cwe": {
        "id": "CWE-367",
        "name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
      },
      "discovery_date": "2025-05-09T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2365250"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel\u0027s xHCI (eXtensible Host Controller Interface) driver. This vulnerability allows data loss or buffer Use-After-Free (UAF) due to a race condition during isochronous Ring Underrun/Overrun event handling.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: Linux kernel: xHCI driver isochronous event handling race condition leading to data loss or UAF",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.src",
          "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.src",
          "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-37882"
        },
        {
          "category": "external",
          "summary": "RHBZ#2365250",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2365250"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-37882",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-37882"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-37882",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37882"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2025050944-CVE-2025-37882-db64@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2025050944-CVE-2025-37882-db64@gregkh/T"
        }
      ],
      "release_date": "2025-05-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-11T00:12:55+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.src",
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.src",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:4244"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.src",
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.src",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: Linux kernel: xHCI driver isochronous event handling race condition leading to data loss or UAF"
    },
    {
      "cve": "CVE-2025-38129",
      "cwe": {
        "id": "CWE-825",
        "name": "Expired Pointer Dereference"
      },
      "discovery_date": "2025-07-03T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2376034"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Linux kernel. This vulnerability, known as a use-after-free (UAF), occurs in the `page_pool_recycle_in_ring` function. A local attacker could exploit this by manipulating the system\u0027s memory management, causing a freed memory region to be improperly accessed. This can lead to system instability, unauthorized access to sensitive information, or potentially allow an attacker to execute malicious code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.src",
          "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "NFV-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.src",
          "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
          "RT-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-38129"
        },
        {
          "category": "external",
          "summary": "RHBZ#2376034",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376034"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-38129",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-38129"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-38129",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38129"
        },
        {
          "category": "external",
          "summary": "https://lore.kernel.org/linux-cve-announce/2025070330-CVE-2025-38129-3c0e@gregkh/T",
          "url": "https://lore.kernel.org/linux-cve-announce/2025070330-CVE-2025-38129-3c0e@gregkh/T"
        }
      ],
      "release_date": "2025-07-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-11T00:12:55+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
          "product_ids": [
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.src",
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.src",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:4244"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.src",
            "NFV-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "NFV-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.src",
            "RT-9.0.0.Z.E4S:kernel-rt-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-core-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debug-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-debuginfo-common-x86_64-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-devel-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-kvm-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64",
            "RT-9.0.0.Z.E4S:kernel-rt-modules-extra-0:5.14.0-70.169.1.rt21.241.el9_0.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "kernel: Linux kernel: Use-after-free vulnerability in page_pool_recycle_in_ring can lead to arbitrary code execution"
    }
  ]
}

CVE-2025-38129 (GCVE-0-2025-38129)

Vulnerability from cvelistv5 – Published: 2025-07-03 08:35 – Updated: 2026-01-19 12:18

Title

page_pool: Fix use-after-free in page_pool_recycle_in_ring

Summary

In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix use-after-free in page_pool_recycle_in_ring syzbot reported a uaf in page_pool_recycle_in_ring: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 Read of size 8 at addr ffff8880286045a0 by task syz.0.284/6943 CPU: 0 UID: 0 PID: 6943 Comm: syz.0.284 Not tainted 6.13.0-rc3-syzkaller-gdfa94ce54f41 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:165 [inline] _raw_spin_unlock_bh+0x1b/0x40 kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396 [inline] ptr_ring_produce_bh include/linux/ptr_ring.h:164 [inline] page_pool_recycle_in_ring net/core/page_pool.c:707 [inline] page_pool_put_unrefed_netmem+0x748/0xb00 net/core/page_pool.c:826 page_pool_put_netmem include/net/page_pool/helpers.h:323 [inline] page_pool_put_full_netmem include/net/page_pool/helpers.h:353 [inline] napi_pp_put_page+0x149/0x2b0 net/core/skbuff.c:1036 skb_pp_recycle net/core/skbuff.c:1047 [inline] skb_free_head net/core/skbuff.c:1094 [inline] skb_release_data+0x6c4/0x8a0 net/core/skbuff.c:1125 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb net/core/skbuff.c:1204 [inline] sk_skb_reason_drop+0x1c9/0x380 net/core/skbuff.c:1242 kfree_skb_reason include/linux/skbuff.h:1263 [inline] __skb_queue_purge_reason include/linux/skbuff.h:3343 [inline] root cause is: page_pool_recycle_in_ring ptr_ring_produce spin_lock(&r->producer_lock); WRITE_ONCE(r->queue[r->producer++], ptr) //recycle last page to pool page_pool_release page_pool_scrub page_pool_empty_ring ptr_ring_consume page_pool_return_page //release all page __page_pool_destroy free_percpu(pool->recycle_stats); free(pool) //free spin_unlock(&r->producer_lock); //pool->ring uaf read recycle_stat_inc(pool, ring); page_pool can be free while page pool recycle the last page in ring. Add producer-lock barrier to page_pool_release to prevent the page pool from being free before all pages have been recycled. recycle_stat_inc() is empty when CONFIG_PAGE_POOL_STATS is not enabled, which will trigger Wempty-body build warning. Add definition for pool stat macro to fix warning.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

CVE-2025-37882 (GCVE-0-2025-37882)

Vulnerability from cvelistv5 – Published: 2025-05-09 06:45 – Updated: 2026-01-02 15:29

Title

usb: xhci: Fix isochronous Ring Underrun/Overrun event handling

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ HCs or it's NULL on older ones. By the time we are handling the event, a new TD may be queued at this ring position. I can trigger this race by rising interrupt moderation to increase IRQ handling delay. Similar delay may occur naturally due to system load. If this ever happens after a Missed Service Error, missed TDs will be skipped and the new TD processed as if it matched the event. It could be given back prematurely, risking data loss or buffer UAF by the xHC. Don't complete TDs on xrun events and don't warn if queued TDs don't match the event's TRB pointer, which can be NULL or a link/no-op TRB. Don't warn if there are no queued TDs at all. Now that it's safe, also handle xrun events if the skip flag is clear. This ensures completion of any TD stuck in 'error mid TD' state right before the xrun event, which could happen if a driver submits a finite number of URBs to a buggy HC and then an error occurs on the last TD.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:4244

CVE-2025-38129 (GCVE-0-2025-38129)

CVE-2025-37882 (GCVE-0-2025-37882)

Tags

Sightings

Nomenclature