Security: Multiple issues in Linux
Name: Multiple issues in Linux
ID: RHSA-2025:20518
Distribution: Red Hat
Platforms: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)
Date: Wed, 12 November 2025, 07:58
References: https://bugzilla.redhat.com/show_bug.cgi?id=2350374
https://bugzilla.redhat.com/show_bug.cgi?id=2334439
https://bugzilla.redhat.com/show_bug.cgi?id=2348022
https://bugzilla.redhat.com/show_bug.cgi?id=2376076
https://access.redhat.com/security/cve/CVE-2022-49623
https://access.redhat.com/security/cve/CVE-2022-49432
https://access.redhat.com/security/cve/CVE-2024-58088
https://access.redhat.com/security/cve/CVE-2024-52332
https://access.redhat.com/security/cve/CVE-2022-49657
https://bugzilla.redhat.com/show_bug.cgi?id=2351625
https://bugzilla.redhat.com/show_bug.cgi?id=2351624
https://bugzilla.redhat.com/show_bug.cgi?id=2334357
https://bugzilla.redhat.com/show_bug.cgi?id=2334415
https://bugzilla.redhat.com/show_bug.cgi?id=2347753
https://access.redhat.com/security/cve/CVE-2025-21671
https://bugzilla.redhat.com/show_bug.cgi?id=2347919
https://bugzilla.redhat.com/show_bug.cgi?id=2360215
https://access.redhat.com/security/cve/CVE-2022-49024
https://bugzilla.redhat.com/show_bug.cgi?id=2350400
https://access.redhat.com/security/cve/CVE-2024-36357
https://access.redhat.com/security/cve/CVE-2025-38116
https://bugzilla.redhat.com/show_bug.cgi?id=2320259
https://bugzilla.redhat.com/show_bug.cgi?id=2351613
https://access.redhat.com/security/cve/CVE-2024-58075
https://access.redhat.com/security/cve/CVE-2024-49570
https://bugzilla.redhat.com/show_bug.cgi?id=2350726
https://bugzilla.redhat.com/show_bug.cgi?id=2348645
https://access.redhat.com/security/cve/CVE-2024-53090
https://access.redhat.com/security/cve/CVE-2022-49357
https://bugzilla.redhat.com/show_bug.cgi?id=2350589
https://bugzilla.redhat.com/show_bug.cgi?id=2348554
https://access.redhat.com/security/cve/CVE-2024-57988
https://bugzilla.redhat.com/show_bug.cgi?id=2348550
https://access.redhat.com/security/cve/CVE-2025-21795
https://bugzilla.redhat.com/show_bug.cgi?id=2350388
https://access.redhat.com/security/cve/CVE-2024-58015
https://access.redhat.com/security/cve/CVE-2024-57998
https://bugzilla.redhat.com/show_bug.cgi?id=2351616
https://bugzilla.redhat.com/show_bug.cgi?id=2350367
https://access.redhat.com/security/cve/CVE-2025-21746
https://access.redhat.com/security/cve/CVE-2024-56786
https://access.redhat.com/security/cve/CVE-2025-21728
https://access.redhat.com/security/cve/CVE-2025-21702
https://access.redhat.com/security/cve/CVE-2025-21864
https://bugzilla.redhat.com/show_bug.cgi?id=2348615
https://bugzilla.redhat.com/show_bug.cgi?id=2347807
https://bugzilla.redhat.com/show_bug.cgi?id=2347707
https://bugzilla.redhat.com/show_bug.cgi?id=2334560
https://bugzilla.redhat.com/show_bug.cgi?id=2350386
https://bugzilla.redhat.com/show_bug.cgi?id=2320616
https://access.redhat.com/security/cve/CVE-2025-21855
https://bugzilla.redhat.com/show_bug.cgi?id=2351612
https://access.redhat.com/security/cve/CVE-2025-21696
https://access.redhat.com/security/cve/CVE-2024-57989
https://access.redhat.com/security/cve/CVE-2024-56690
https://access.redhat.com/security/cve/CVE-2025-21787
https://bugzilla.redhat.com/show_bug.cgi?id=2348620
https://bugzilla.redhat.com/show_bug.cgi?id=2337124
https://bugzilla.redhat.com/show_bug.cgi?id=2327887
https://bugzilla.redhat.com/show_bug.cgi?id=2312077
https://bugzilla.redhat.com/show_bug.cgi?id=2345240
https://bugzilla.redhat.com/show_bug.cgi?id=2327203
https://bugzilla.redhat.com/show_bug.cgi?id=2334548
https://access.redhat.com/security/cve/CVE-2025-21672
https://bugzilla.redhat.com/show_bug.cgi?id=2348566
https://access.redhat.com/security/cve/CVE-2024-57995
https://bugzilla.redhat.com/show_bug.cgi?id=2348654
https://access.redhat.com/security/cve/CVE-2022-48830
https://access.redhat.com/security/cve/CVE-2025-21839
https://bugzilla.redhat.com/show_bug.cgi?id=2348574
https://bugzilla.redhat.com/show_bug.cgi?id=2351620
https://bugzilla.redhat.com/show_bug.cgi?id=2350585
https://access.redhat.com/security/cve/CVE-2022-49672
https://access.redhat.com/security/cve/CVE-2024-56645
https://bugzilla.redhat.com/show_bug.cgi?id=2348581
https://bugzilla.redhat.com/show_bug.cgi?id=2348585
https://bugzilla.redhat.com/show_bug.cgi?id=2330341
https://access.redhat.com/security/cve/CVE-2022-49443
https://bugzilla.redhat.com/show_bug.cgi?id=2347968
https://access.redhat.com/security/cve/CVE-2025-21847
https://access.redhat.com/security/cve/CVE-2022-49648
https://access.redhat.com/security/cve/CVE-2024-53052
https://access.redhat.com/security/cve/CVE-2024-50195
https://issues.redhat.com/browse/RHEL-52839
https://access.redhat.com/security/cve/CVE-2022-49269
https://access.redhat.com/security/cve/CVE-2025-21729
https://bugzilla.redhat.com/show_bug.cgi?id=2336541
https://bugzilla.redhat.com/show_bug.cgi?id=2348556
https://access.redhat.com/security/cve/CVE-2024-50060
https://bugzilla.redhat.com/show_bug.cgi?id=2329918
https://bugzilla.redhat.com/show_bug.cgi?id=2343172
https://bugzilla.redhat.com/show_bug.cgi?id=2351608
https://access.redhat.com/security/cve/CVE-2025-21828
https://bugzilla.redhat.com/show_bug.cgi?id=2334829
https://bugzilla.redhat.com/show_bug.cgi?id=2348543
https://bugzilla.redhat.com/show_bug.cgi?id=2327374
https://access.redhat.com/security/cve/CVE-2024-47727
https://access.redhat.com/security/cve/CVE-2024-46689
https://access.redhat.com/security/cve/CVE-2022-49845
https://access.redhat.com/security/cve/CVE-2024-53216
https://bugzilla.redhat.com/show_bug.cgi?id=2348578
https://bugzilla.redhat.com/show_bug.cgi?id=2348541
https://access.redhat.com/security/cve/CVE-2025-21726
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.7_release_notes/index
https://bugzilla.redhat.com/show_bug.cgi?id=2334547
https://issues.redhat.com/browse/RHEL-90133
https://access.redhat.com/security/cve/CVE-2022-49643
https://access.redhat.com/security/cve/CVE-2024-58057
https://bugzilla.redhat.com/show_bug.cgi?id=2334795
https://bugzilla.redhat.com/show_bug.cgi?id=2334676
https://bugzilla.redhat.com/show_bug.cgi?id=2348901
https://access.redhat.com/security/cve/CVE-2024-58014
https://bugzilla.redhat.com/show_bug.cgi?id=2383441
https://access.redhat.com/security/cve/CVE-2024-57990
https://access.redhat.com/security/cve/CVE-2024-47679
https://bugzilla.redhat.com/show_bug.cgi?id=2298169
https://issues.redhat.com/browse/RHEL-331
https://bugzilla.redhat.com/show_bug.cgi?id=2348240
https://bugzilla.redhat.com/show_bug.cgi?id=2350375
https://bugzilla.redhat.com/show_bug.cgi?id=2338828
https://issues.redhat.com/browse/RHEL-68997
https://access.redhat.com/security/cve/CVE-2024-53680
https://issues.redhat.com/browse/RHEL-86487
https://bugzilla.redhat.com/show_bug.cgi?id=2348601
https://access.redhat.com/security/cve/CVE-2025-21691
https://bugzilla.redhat.com/show_bug.cgi?id=2348528
https://bugzilla.redhat.com/show_bug.cgi?id=2350392
https://access.redhat.com/security/cve/CVE-2025-21829
https://access.redhat.com/security/cve/CVE-2024-36350
https://access.redhat.com/security/cve/CVE-2024-58072
https://access.redhat.com/security/cve/CVE-2024-49864
https://access.redhat.com/security/cve/CVE-2025-21806
https://bugzilla.redhat.com/show_bug.cgi?id=2351629
https://bugzilla.redhat.com/show_bug.cgi?id=2347781
https://bugzilla.redhat.com/show_bug.cgi?id=2348595
https://bugzilla.redhat.com/show_bug.cgi?id=2320172
https://bugzilla.redhat.com/show_bug.cgi?id=2348584
https://access.redhat.com/security/cve/CVE-2025-21648
https://access.redhat.com/security/cve/CVE-2025-38396
https://issues.redhat.com/browse/RHEL-81900
https://bugzilla.redhat.com/show_bug.cgi?id=2344684
https://access.redhat.com/security/cve/CVE-2025-21631
https://access.redhat.com/security/cve/CVE-2024-50294
https://access.redhat.com/security/cve/CVE-2022-49670
https://access.redhat.com/security/cve/CVE-2024-57987
https://access.redhat.com/security/cve/CVE-2025-21846
https://access.redhat.com/security/cve/CVE-2025-21837
https://bugzilla.redhat.com/show_bug.cgi?id=2348650
https://access.redhat.com/security/cve/CVE-2024-53119
https://bugzilla.redhat.com/show_bug.cgi?id=2351606
https://bugzilla.redhat.com/show_bug.cgi?id=2346272
https://bugzilla.redhat.com/show_bug.cgi?id=2348597
https://access.redhat.com/security/cve/CVE-2025-21853
https://access.redhat.com/security/cve/CVE-2024-53241
https://access.redhat.com/security/cve/CVE-2024-56603
https://access.redhat.com/security/cve/CVE-2025-21790
https://access.redhat.com/security/cve/CVE-2024-56675
https://bugzilla.redhat.com/show_bug.cgi?id=2348547
https://access.redhat.com/security/cve/CVE-2025-21796
https://bugzilla.redhat.com/show_bug.cgi?id=2337121
https://bugzilla.redhat.com/show_bug.cgi?id=2348577
https://bugzilla.redhat.com/show_bug.cgi?id=2344687
https://bugzilla.redhat.com/show_bug.cgi?id=2313092
https://bugzilla.redhat.com/show_bug.cgi?id=2348587
https://access.redhat.com/security/cve/CVE-2024-53135
https://access.redhat.com/errata/RHSA-2025:20518
https://access.redhat.com/security/cve/CVE-2025-21745
https://access.redhat.com/security/cve/CVE-2024-57981
https://bugzilla.redhat.com/show_bug.cgi?id=2343175
https://bugzilla.redhat.com/show_bug.cgi?id=2334396
https://bugzilla.redhat.com/show_bug.cgi?id=2369184
https://bugzilla.redhat.com/show_bug.cgi?id=2350396
https://access.redhat.com/security/cve/CVE-2024-53229
https://access.redhat.com/security/cve/CVE-2025-22056
https://access.redhat.com/security/cve/CVE-2022-49353
https://bugzilla.redhat.com/show_bug.cgi?id=2351633
https://bugzilla.redhat.com/show_bug.cgi?id=2334537
https://bugzilla.redhat.com/show_bug.cgi?id=2348279
https://bugzilla.redhat.com/show_bug.cgi?id=2347859
https://access.redhat.com/security/cve/CVE-2024-58077
https://access.redhat.com/security/cve/CVE-2025-21826
https://bugzilla.redhat.com/show_bug.cgi?id=2348071
https://bugzilla.redhat.com/show_bug.cgi?id=2348634
https://access.redhat.com/security/cve/CVE-2024-56662
https://bugzilla.redhat.com/show_bug.cgi?id=2320455
https://access.redhat.com/security/cve/CVE-2025-21848
https://access.redhat.com/security/cve/CVE-2024-58068
https://bugzilla.redhat.com/show_bug.cgi?id=2348515
https://access.redhat.com/security/cve/CVE-2025-21844
https://bugzilla.redhat.com/show_bug.cgi?id=2350363
https://access.redhat.com/security/cve/CVE-2025-21738
https://bugzilla.redhat.com/show_bug.cgi?id=2338832
https://bugzilla.redhat.com/show_bug.cgi?id=2324549
https://bugzilla.redhat.com/show_bug.cgi?id=2320722
https://bugzilla.redhat.com/show_bug.cgi?id=2347759
https://bugzilla.redhat.com/show_bug.cgi?id=2348625
https://bugzilla.redhat.com/show_bug.cgi?id=2348238
https://bugzilla.redhat.com/show_bug.cgi?id=2331326
https://access.redhat.com/security/cve/CVE-2022-49437
https://access.redhat.com/security/cve/CVE-2025-21647
https://access.redhat.com/security/cve/CVE-2024-58083
https://access.redhat.com/security/cve/CVE-2024-57993
https://access.redhat.com/security/cve/CVE-2024-56672
https://bugzilla.redhat.com/show_bug.cgi?id=2351618
https://issues.redhat.com/browse/RHEL-94578
https://access.redhat.com/security/cve/CVE-2025-21851
https://access.redhat.com/security/cve/CVE-2024-58062
https://access.redhat.com/security/cve/CVE-2022-49627
https://access.redhat.com/security/cve/CVE-2024-56709
https://bugzilla.redhat.com/show_bug.cgi?id=2348523
https://access.redhat.com/security/cve/CVE-2025-21861
https://bugzilla.redhat.com/show_bug.cgi?id=2338814
https://access.redhat.com/security/cve/CVE-2024-54456
https://access.redhat.com/security/cve/CVE-2025-21791
https://access.redhat.com/security/cve/CVE-2025-21786
https://bugzilla.redhat.com/show_bug.cgi?id=2348573
https://access.redhat.com/security/cve/CVE-2025-21693
https://access.redhat.com/security/cve/CVE-2024-57986
https://access.redhat.com/security/cve/CVE-2024-56739
https://access.redhat.com/security/cve/CVE-2024-53170
https://access.redhat.com/security/cve/CVE-2025-21714
https://bugzilla.redhat.com/show_bug.cgi?id=2350397
https://access.redhat.com/security/cve/CVE-2025-37994
https://access.redhat.com/security/cve/CVE-2025-21863
https://access.redhat.com/security/cve/CVE-2025-21765
https://issues.redhat.com/browse/RHEL-73706
https://bugzilla.redhat.com/show_bug.cgi?id=2348600
https://bugzilla.redhat.com/show_bug.cgi?id=2363380
https://access.redhat.com/security/cve/CVE-2024-46744
https://access.redhat.com/security/cve/CVE-2025-21739
https://access.redhat.com/security/cve/CVE-2024-58012
https://bugzilla.redhat.com/show_bug.cgi?id=2350725
Applications: Linux

Original message

An update for kernel is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

* kernel: can: isotp: fix potential CAN frame reception race in isotp_rcv()
(CVE-2022-48830)

* kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB (CVE-2024-46689)

* kernel: Squashfs: sanity check symbolic link size (CVE-2024-46744)

* kernel: vfs: fix race between evice_inodes() and find_inode()&iput()
(CVE-2024-47679)

* kernel: x86/tdx: Fix "in-kernel MMIO" check (CVE-2024-47727)

* kernel: rxrpc: Fix a race between socket set up and I/O thread creation
(CVE-2024-49864)

* kernel: io_uring: check if we need to reschedule during overflow flush
(CVE-2024-50060)

* kernel: can: m_can: pci: add missing m_can_class_free_dev() in probe/remove
methods (CVE-2022-49024)

* kernel: posix-clock: Fix missing timespec64 check in pc_clock_settime()
(CVE-2024-50195)

* kernel: rxrpc: Fix missing locking causing hanging calls (CVE-2024-50294)

* kernel: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write
(CVE-2024-53052)

* kernel: afs: Fix lock recursion (CVE-2024-53090)

* kernel: virtio/vsock: Fix accept_queue memory leak (CVE-2024-53119)

* kernel: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind
CONFIG_BROKEN (CVE-2024-53135)

* kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen
Security Advisory 466) (CVE-2024-53241)

* kernel: RDMA/rxe: Fix the qp flush warnings in req (CVE-2024-53229)

* kernel: block: fix uaf for flush rq while iterating tags (CVE-2024-53170)

* kernel: nfsd: release svc_expkey/svc_export with rcu_work (CVE-2024-53216)

* kernel: net: af_can: do not leave a dangling sk pointer in can_create()
(CVE-2024-56603)

* kernel: blk-cgroup: Fix UAF in blkcg_unpin_online() (CVE-2024-56672)

* kernel: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl
(CVE-2024-56662)

* kernel: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors
(CVE-2024-56675)

* kernel: can: j1939: j1939_session_new(): fix skb reference counting
(CVE-2024-56645)

* kernel: crypto: pcrypt - Call crypto layer directly when padata_do_parallel()
return -EBUSY (CVE-2024-56690)

* kernel: io_uring: check if iowq is killed before queuing (CVE-2024-56709)

* kernel: rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
(CVE-2024-56739)

* kernel: bpf: put bpf_link's program when link is safe to be deallocated
(CVE-2024-56786)

* kernel: igb: Fix potential invalid memory access in igb_init_module()
(CVE-2024-52332)

* kernel: ipvs: fix UB due to uninitialized stack access in
ip_vs_protocol_init() (CVE-2024-53680)

* kernel: netfilter: conntrack: clamp maximum hashtable size to INT_MAX
(CVE-2025-21648)

* kernel: sched: sch_cake: add bounds checks to host bulk flow fairness counts
(CVE-2025-21647)

* kernel: block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
(CVE-2025-21631)

* kernel: zram: fix potential UAF of zram table (CVE-2025-21671)

* kernel: afs: Fix merge preference rule failure condition (CVE-2025-21672)

* kernel: mm: zswap: properly synchronize freeing resources during CPU
hotunplug (CVE-2025-21693)

* kernel: cachestat: fix page cache statistics permission checking
(CVE-2025-21691)

* kernel: mm: clear uffd-wp PTE/PMD state on mremap() (CVE-2025-21696)

* kernel: pfifo_tail_enqueue: Drop new packet when sch->limit == 0
(CVE-2025-21702)

* kernel: usbnet: fix memory leak in error case (CVE-2022-49657)

* kernel: powerpc/xics: fix refcount leak in icp_opal_init() (CVE-2022-49432)

* kernel: net: tun: unlink NAPI from device on destruction (CVE-2022-49672)

* kernel: powerpc/papr_scm: don't requests stats with '0' sized
stats buffer (CVE-2022-49353)

* kernel: powerpc/xive: Fix refcount leak in xive_spapr_init (CVE-2022-49437)

* kernel: ima: Fix potential memory leak in ima_init_crypto() (CVE-2022-49627)

* kernel: linux/dim: Fix divide by 0 in RDMA DIM (CVE-2022-49670)

* kernel: can: isotp: sanitize CAN ID checks in isotp_bind() (CVE-2022-49269)

* kernel: ima: Fix a potential integer overflow in ima_appraise_measurement
(CVE-2022-49643)

* kernel: powerpc/xive/spapr: correct bitmap allocation size (CVE-2022-49623)

* kernel: efi: Do not import certificates from UEFI Secure Boot for T2 Macs
(CVE-2022-49357)

* kernel: list: fix a data-race around ep->rdllist (CVE-2022-49443)

* kernel: tracing/histograms: Fix memory leak problem (CVE-2022-49648)

* kernel: Input: synaptics - fix crash when enabling pass-through port
(CVE-2025-21746)

* kernel: NFSD: fix hang in nfsd4_shutdown_callback (CVE-2025-21795)

* kernel: bpf: Send signals asynchronously if !preemptible (CVE-2025-21728)

* kernel: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()
(CVE-2024-54456)

* kernel: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek()
(CVE-2024-57987)

* kernel: wifi: brcmsmac: add gain range check to
wlc_phy_iqcal_gainparams_nphy() (CVE-2024-58014)

* kernel: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name()
(CVE-2024-57988)

* kernel: RDMA/mlx5: Fix implicit ODP use after free (CVE-2025-21714)

* kernel: drm/xe/tracing: Fix a potential TP_printk UAF (CVE-2024-49570)

* kernel: HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding
endpoint check (CVE-2024-57993)

* kernel: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
(CVE-2025-21729)

* kernel: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links
(CVE-2024-57989)

* kernel: wifi: ath12k: Fix for out-of bound access error (CVE-2024-58015)

* kernel: OPP: add index check to assert to avoid buffer overflow in
_read_freq() (CVE-2024-57998)

* kernel: wifi: ath12k: fix read pointer after free in
ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995)

* kernel: nfsd: clear acl_access/acl_default after releasing them
(CVE-2025-21796)

* kernel: scsi: ufs: core: Fix use-after free in init error and remove paths
(CVE-2025-21739)

* kernel: workqueue: Put the pwq after detaching the rescuer from the pool
(CVE-2025-21786)

* kernel: ata: libata-sff: Ensure that we cannot write outside the allocated
buffer (CVE-2025-21738)

* kernel: HID: core: Fix assumption that Resolution Multipliers must be in
Logical Collections (CVE-2024-57986)

* kernel: padata: avoid UAF for reorder_work (CVE-2025-21726)

* kernel: vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791)

* kernel: team: better TEAM_OPTION_TYPE_STRING validation (CVE-2025-21787)

* kernel: usb: xhci: Fix NULL pointer dereference on certain command aborts
(CVE-2024-57981)

* kernel: vxlan: check vxlan_vnigroup_init() return value (CVE-2025-21790)

* kernel: wifi: mt76: mt7925: fix off by one in mt7925_load_clc()
(CVE-2024-57990)

* kernel: ipv6: use RCU protection in ip6_default_advmss() (CVE-2025-21765)

* kernel: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params
(CVE-2024-58012)

* kernel: blk-cgroup: Fix class @block_class's subsystem refcount leakage
(CVE-2025-21745)

* kernel: net: let net.core.dev_weight always be non-zero (CVE-2025-21806)

* kernel: wifi: rtlwifi: remove unused check_buddy_priv (CVE-2024-58072)

* kernel: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized
(CVE-2024-58068)

* kernel: wifi: iwlwifi: mvm: avoid NULL pointer dereference (CVE-2024-58062)

* kernel: idpf: convert workqueues to unbound (CVE-2024-58057)

* kernel: wifi: mac80211: don't flush non-uploaded STAs (CVE-2025-21828)

* kernel: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
(CVE-2024-58083)

* kernel: netfilter: nf_tables: reject mismatching sum of field_len with set
key length (CVE-2025-21826)

* kernel: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback
(CVE-2024-58077)

* kernel: crypto: tegra - do not transfer req when tegra init fails
(CVE-2024-58075)

* kernel: RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170
[rdma_rxe]" (CVE-2025-21829)

* kernel: KVM: x86: Load DR6 with guest value only before entering .vcpu_run()
loop (CVE-2025-21839)

* kernel: io_uring/uring_cmd: unconditionally copy SQEs at prep time
(CVE-2025-21837)

* kernel: information leak via transient execution vulnerability in some AMD
processors (CVE-2024-36350)

* kernel: transient execution vulnerability in some AMD processors
(CVE-2024-36357)

* kernel: bpf: Fix softlockup in arena_map_free on 64k page kernel
(CVE-2025-21851)

* kernel: ibmvnic: Don't reference skb after sending to VIOS
(CVE-2025-21855)

* kernel: smb: client: Add check for next_buffer in
receive_encrypted_standard() (CVE-2025-21844)

* kernel: bpf: avoid holding freeze_mutex during mmap operation
(CVE-2025-21853)

* kernel: ASoC: SOF: stream-ipc: Check for cstream nullity in
sof_ipc_msg_data() (CVE-2025-21847)

* kernel: tcp: drop secpath at the same time as we currently drop dst
(CVE-2025-21864)

* kernel: bpf: Fix deadlock when freeing cgroup storage (CVE-2024-58088)

* kernel: acct: perform last write from workqueue (CVE-2025-21846)

* kernel: mm/migrate_device: don't add folio to be freed to LRU in
migrate_device_finalize() (CVE-2025-21861)

* kernel: io_uring: prevent opcode speculation (CVE-2025-21863)

* kernel: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (CVE-2025-21848)

* kernel: netfilter: nft_tunnel: fix geneve_opt type confusion addition
(CVE-2025-22056)

* kernel: can: j1939: j1939_send_one(): fix missing CAN header initialization
(CVE-2022-49845)

* kernel: usb: typec: ucsi: displayport: Fix NULL pointer access
(CVE-2025-37994)

* kernel: wifi: ath12k: fix uaf in ath12k_core_init() (CVE-2025-38116)

* kernel: fs: export anon_inode_make_secure_inode() and fix secretmem LSM
bypass (CVE-2025-38396)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise
Linux 9 Release Notes linked from the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2022-48830
CVE-2022-49024: Missing Release of Memory after Effective Lifetime (CWE-401)
CVE-2022-49269
CVE-2022-49353: NULL Pointer Dereference (CWE-476)
CVE-2022-49357: Improper Control of Resource Identifiers ('Resource
Injection') (CWE-99)
CVE-2022-49432: Missing Release of Memory after Effective Lifetime (CWE-401)
CVE-2022-49437: Missing Release of Memory after Effective Lifetime (CWE-401)
CVE-2022-49443: Concurrent Execution using Shared Resource with Improper
Synchronization ('Race Condition') (CWE-362)
CVE-2022-49623
CVE-2022-49627
CVE-2022-49643
CVE-2022-49648: Missing Release of Memory after Effective Lifetime (CWE-401)
CVE-2022-49657: Missing Release of Memory after Effective Lifetime (CWE-401)
CVE-2022-49670: Divide By Zero (CWE-369)
CVE-2022-49672: Concurrent Execution using Shared Resource with Improper
Synchronization ('Race Condition') (CWE-362)
CVE-2022-49845: Use of Uninitialized Resource (CWE-908)
CVE-2024-36350: Improper Control of Resource Identifiers ('Resource
Injection') (CWE-99)
CVE-2024-36357: Improper Control of Resource Identifiers ('Resource
Injection') (CWE-99)
CVE-2024-46689: Improper Initialization (CWE-665)
CVE-2024-46744: Improper Link Resolution Before File Access ('Link
Following') (CWE-59)
CVE-2024-47679: Concurrent Execution using Shared Resource with Improper
Synchronization ('Race Condition') (CWE-362)
CVE-2024-47727: Improper Check for Unusual or Exceptional Conditions (CWE-754)
CVE-2024-49570: Use After Free (CWE-416)
CVE-2024-49864: Concurrent Execution using Shared Resource with Improper
Synchronization ('Race Condition') (CWE-362)
CVE-2024-50060: Improper Locking (CWE-667)
CVE-2024-50195: Improper Check for Unusual or Exceptional Conditions (CWE-754)
CVE-2024-50294: Improper Resource Locking (CWE-413)
CVE-2024-52332: Improper Restriction of Operations within the Bounds of a
Memory Buffer (CWE-119)
CVE-2024-53052: Improper Locking (CWE-667)
CVE-2024-53090: Uncontrolled Recursion (CWE-674)
CVE-2024-53119: Missing Release of Memory after Effective Lifetime (CWE-401)
CVE-2024-53135: Improper Control of Resource Identifiers ('Resource
Injection') (CWE-99)
CVE-2024-53170: Use After Free (CWE-416)
CVE-2024-53216: Use After Free (CWE-416)
CVE-2024-53229
CVE-2024-53241: Improper Restriction of Operations within the Bounds of a
Memory Buffer (CWE-119)
CVE-2024-53680: Use of Uninitialized Variable (CWE-457)
CVE-2024-54456: Buffer Copy without Checking Size of Input ('Classic Buffer
Overflow') (CWE-120)
CVE-2024-56603: Use After Free (CWE-416)
CVE-2024-56645: Missing Release of Memory after Effective Lifetime (CWE-401)
CVE-2024-56662: Out-of-bounds Read (CWE-125)
CVE-2024-56672: Use After Free (CWE-416)
CVE-2024-56675: Use After Free (CWE-416)
CVE-2024-56690: Improper Check or Handling of Exceptional Conditions (CWE-703)
CVE-2024-56709: Concurrent Execution using Shared Resource with Improper
Synchronization ('Race Condition') (CWE-362)
CVE-2024-56739
CVE-2024-56786: Use After Free (CWE-416)
CVE-2024-57981: NULL Pointer Dereference (CWE-476)
CVE-2024-57986: Improper Input Validation (CWE-20)
CVE-2024-57987
CVE-2024-57988: NULL Pointer Dereference (CWE-476)
CVE-2024-57989: NULL Pointer Dereference (CWE-476)
CVE-2024-57990: Off-by-one Error (CWE-193)
CVE-2024-57993: Improper Input Validation (CWE-20)
CVE-2024-57995: Use After Free (CWE-416)
CVE-2024-57998: Buffer Copy without Checking Size of Input ('Classic Buffer
Overflow') (CWE-120)
CVE-2024-58012: NULL Pointer Dereference (CWE-476)
CVE-2024-58014: Out-of-bounds Read (CWE-125)
CVE-2024-58015: Out-of-bounds Read (CWE-125)
CVE-2024-58057: Uncontrolled Resource Consumption (CWE-400)
CVE-2024-58062: NULL Pointer Dereference (CWE-476)
CVE-2024-58068: Use of NullPointerException Catch to Detect NULL Pointer
Dereference (CWE-395)
CVE-2024-58072: Use After Free (CWE-416)
CVE-2024-58075: Unchecked Return Value (CWE-252)
CVE-2024-58077: Uncontrolled Resource Consumption (CWE-400)
CVE-2024-58083
CVE-2024-58088: Improper Locking (CWE-667)
CVE-2025-21631: Use After Free (CWE-416)
CVE-2025-21647: Out-of-bounds Read (CWE-125)
CVE-2025-21648: Memory Allocation with Excessive Size Value (CWE-789)
CVE-2025-21671: Use After Free (CWE-416)
CVE-2025-21672: Improper Locking (CWE-667)
CVE-2025-21691: Incorrect Authorization (CWE-863)
CVE-2025-21693: Use After Free (CWE-416)
CVE-2025-21696: Improper Input Validation (CWE-20)
CVE-2025-21702: CWE-438 (CWE-438)
CVE-2025-21714: Use After Free (CWE-416)
CVE-2025-21726: Use After Free (CWE-416)
CVE-2025-21728: Improper Input Validation (CWE-20)
CVE-2025-21729
CVE-2025-21738: Improper Restriction of Operations within the Bounds of a
Memory Buffer (CWE-119)
CVE-2025-21739: Use After Free (CWE-416)
CVE-2025-21745: Missing Release of Memory after Effective Lifetime (CWE-401)
CVE-2025-21746: Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
CVE-2025-21765: Missing Lock Check (CWE-414)
CVE-2025-21786: Use After Free (CWE-416)
CVE-2025-21787: Use of Uninitialized Resource (CWE-908)
CVE-2025-21790: NULL Pointer Dereference (CWE-476)
CVE-2025-21791: Use After Free (CWE-416)
CVE-2025-21795: Improper Control of Resource Identifiers ('Resource
Injection') (CWE-99)
CVE-2025-21796: Use After Free (CWE-416)
CVE-2025-21806: Improper Input Validation (CWE-20)
CVE-2025-21826: Incorrect Calculation (CWE-682)
CVE-2025-21828: Improper Input Validation (CWE-20)
CVE-2025-21829: Improper Control of Resource Identifiers ('Resource
Injection') (CWE-99)
CVE-2025-21837
CVE-2025-21839: Improper Initialization (CWE-665)
CVE-2025-21844: NULL Pointer Dereference (CWE-476)
CVE-2025-21846
CVE-2025-21847: NULL Pointer Dereference (CWE-476)
CVE-2025-21848: Use of NullPointerException Catch to Detect NULL Pointer
Dereference (CWE-395)
CVE-2025-21851: Improper Locking (CWE-667)
CVE-2025-21853: Deadlock (CWE-833)
CVE-2025-21855: Use After Free (CWE-416)
CVE-2025-21861
CVE-2025-21863: Improper Control of Resource Identifiers ('Resource
Injection') (CWE-99)
CVE-2025-21864: NULL Pointer Dereference (CWE-476)
CVE-2025-22056: Out-of-bounds Write (CWE-787)
CVE-2025-37994
CVE-2025-38116: Use After Free (CWE-416)
CVE-2025-38396: Incorrect Privilege Assignment (CWE-266)