SB2025082733 - Red Hat Enterprise Linux 9 update for kernel

Description

This security bulletin contains information about 11 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2022-49385)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bus_add_driver() function in drivers/base/bus.c. A local user can escalate privileges on the system.

2) Buffer overflow (CVE-ID: CVE-2025-22026)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nfsd_show() function in fs/nfsd/stats.c, within the nfsd_net_init() function in fs/nfsd/nfsctl.c. A local user can perform a denial of service (DoS) attack.

3) Use-after-free (CVE-ID: CVE-2023-53047)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tconInfoAlloc() and tconInfoFree() functions in fs/cifs/misc.c, within the DECLARE_RWSEM(), dfs_cache_destroy(), dfs_cache_add_refsrv_session() and dfs_cache_remount_fs() functions in fs/cifs/dfs_cache.c, within the get_session(), get_dfs_conn(), __dfs_mount_share() and dfs_mount_share() functions in fs/cifs/dfs.c, within the cifs_mount() and cifs_umount() functions in fs/cifs/connect.c. A local user can escalate privileges on the system.

4) Use-after-free (CVE-ID: CVE-2025-37890)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfsc_enqueue() function in net/sched/sch_hfsc.c. A local user can escalate privileges on the system.

5) Use-after-free (CVE-ID: CVE-2025-38001)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cl_in_el_or_vttree(), hfsc_change_class() and hfsc_enqueue() functions in net/sched/sch_hfsc.c. A local user can escalate privileges on the system.

6) Use-after-free (CVE-ID: CVE-2025-38000)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hfsc_enqueue() function in net/sched/sch_hfsc.c. A local user can escalate privileges on the system.

7) NULL pointer dereference (CVE-ID: CVE-2022-49977)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ftrace_startup() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.

8) Race condition (CVE-ID: CVE-2022-50044)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the qcom_mhi_qrtr_probe() function in net/qrtr/mhi.c. A local user can escalate privileges on the system.

9) Input validation error (CVE-ID: CVE-2022-49991)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the f2fs_new_node_page() function in fs/f2fs/node.c. A local user can perform a denial of service (DoS) attack.

10) Input validation error (CVE-ID: CVE-2025-38177)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the eltree_insert() and hfsc_qlen_notify() functions in net/sched/sch_hfsc.c. A local user can perform a denial of service (DoS) attack.

11) Use-after-free (CVE-ID: CVE-2025-38350)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qdisc_alloc_handle() and qdisc_tree_reduce_backlog() functions in net/sched/sch_api.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2025:14744