SB2025063049 - Red Hat Enterprise Linux 9 update for kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025063049

SB2025063049 - Red Hat Enterprise Linux 9 update for kernel

Published: June 30, 2025

Security Bulletin ID SB2025063049
Severity
Low
Patch available
YES
Number of vulnerabilities 12
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 12 secuirty vulnerabilities.


1) Use of uninitialized resource (CVE-ID: CVE-2024-26638)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the __sock_xmit() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.


2) Improper locking (CVE-ID: CVE-2023-52623)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the xprt_iter_current_entry() and rpc_xprt_switch_has_addr() functions in net/sunrpc/xprtmultipath.c. A local user can perform a denial of service (DoS) attack.


3) Memory leak (CVE-ID: CVE-2024-26669)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the fl_tmplt_destroy() function in net/sched/cls_flower.c, within the tcf_block_playback_offloads() and tc_chain_tmplt_add() functions in net/sched/cls_api.c, within the void() function in include/net/sch_generic.h. A local user can perform a denial of service (DoS) attack.


4) Use-after-free (CVE-ID: CVE-2024-26939)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the active_to_vma() and i915_vma_pin_ww() functions in drivers/gpu/drm/i915/i915_vma.c. A local user can escalate privileges on the system.


5) Information disclosure (CVE-ID: CVE-2024-35838)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the sta_info_free() function in net/mac80211/sta_info.c. A local user can gain access to sensitive information.


6) Double free (CVE-ID: CVE-2024-35847)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the its_vpe_irq_domain_alloc() function in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.


7) Memory leak (CVE-ID: CVE-2023-52662)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the vmw_gmrid_man_get_node() function in drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c. A local user can perform a denial of service (DoS) attack.


8) Buffer overflow (CVE-ID: CVE-2024-36917)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the blk_ioctl_discard() function in block/ioctl.c. A local user can escalate privileges on the system.


9) Input validation error (CVE-ID: CVE-2024-41042)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the nf_tables_rule_release(), nft_chain_validate(), nft_chain_validate_hooks() and nft_validate_register_store() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.


10) Out-of-bounds read (CVE-ID: CVE-2024-56615)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dev_map_alloc(), dev_map_delete_elem() and dev_map_hash_delete_elem() functions in kernel/bpf/devmap.c. A local user can perform a denial of service (DoS) attack.


11) Use-after-free (CVE-ID: CVE-2025-21764)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ndisc_alloc_skb() function in net/ipv6/ndisc.c. A local user can escalate privileges on the system.


12) Input validation error (CVE-ID: CVE-2024-58099)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vmxnet3_xdp_xmit_frame() function in drivers/net/vmxnet3/vmxnet3_xdp.c. A local user can perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References