SB2025050615 - Red Hat Enterprise Linux 9 update for kernel 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025050615

SB2025050615 - Red Hat Enterprise Linux 9 update for kernel

Published: May 6, 2025

Security Bulletin ID SB2025050615
Severity
Low
Patch available
YES
Number of vulnerabilities 9
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 9 secuirty vulnerabilities.


1) Improper check for unusual or exceptional conditions (CVE-ID: CVE-2024-25739)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper check for unusual or exceptional conditions error within the ubi_read_volume_table() function in drivers/mtd/ubi/vtbl.c. A local user can perform a denial of service (DoS) attack.


2) Resource management error (CVE-ID: CVE-2024-27056)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the iwl_mvm_sta_ensure_queue() function in drivers/net/wireless/intel/iwlwifi/mvm/sta.c, within the __iwl_mvm_suspend() function in drivers/net/wireless/intel/iwlwifi/mvm/d3.c. A local user can perform a denial of service (DoS) attack.


3) Use-after-free (CVE-ID: CVE-2024-35855)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mlxsw_sp_acl_tcam_ventry_activity_get() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can escalate privileges on the system.


4) NULL pointer dereference (CVE-ID: CVE-2021-47386)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the w83791d_detect_subclients() function in drivers/hwmon/w83791d.c. A local user can perform a denial of service (DoS) attack.


5) Use-after-free (CVE-ID: CVE-2023-52803)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rpc_clnt_remove_pipedir() and rpc_setup_pipedir() functions in net/sunrpc/clnt.c. A local user can escalate privileges on the system.


6) Resource management error (CVE-ID: CVE-2024-42322)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ip_vs_add_service() function in net/netfilter/ipvs/ip_vs_ctl.c. A local user can perform a denial of service (DoS) attack.


7) Memory leak (CVE-ID: CVE-2024-43871)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the EXPORT_SYMBOL_GPL() function in drivers/base/devres.c. A local user can perform a denial of service (DoS) attack.


8) Input validation error (CVE-ID: CVE-2024-47745)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the SYSCALL_DEFINE5() function in mm/mmap.c. A local user can perform a denial of service (DoS) attack.


9) Buffer overflow (CVE-ID: CVE-2025-21927)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the nvme_tcp_queue_id() and nvme_tcp_recv_pdu() functions in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.


Remediation

Install update from vendor's website.

References