SB2025062422 - Red Hat Enterprise Linux 8 update for kernel

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2022-49696)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tipc_exit_net() function in net/tipc/core.c. A local user can escalate privileges on the system.

2) Use-after-free (CVE-ID: CVE-2022-49328)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mt76_txq_stopped() and mt76_txq_schedule_list() functions in drivers/net/wireless/mediatek/mt76/tx.c, within the mt7921_add_interface() function in drivers/net/wireless/mediatek/mt76/mt7921/main.c, within the mt7915_add_interface() function in drivers/net/wireless/mediatek/mt76/mt7915/main.c, within the mt76x02_vif_init() and mt76x02_remove_interface() functions in drivers/net/wireless/mediatek/mt76/mt76x02_util.c, within the mt7615_add_interface() function in drivers/net/wireless/mediatek/mt76/mt7615/main.c, within the mt7603_add_interface() function in drivers/net/wireless/mediatek/mt76/mt7603/main.c, within the mt76_sta_add() function in drivers/net/wireless/mediatek/mt76/mac80211.c. A local user can escalate privileges on the system.

3) Use-after-free (CVE-ID: CVE-2025-21764)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ndisc_alloc_skb() function in net/ipv6/ndisc.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2025:9498