SB2025112508 - Red Hat Enterprise Linux 8 update for kernel
Published: November 25, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 18 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2024-46679)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the speed_show() function in net/core/net-sysfs.c, within the __ethtool_get_link_ksettings() function in net/core/ethtool.c. A local user can perform a denial of service (DoS) attack.
2) Out-of-bounds read (CVE-ID: CVE-2025-38729)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the validate_uac3_feature_unit() and FUNC() functions in sound/usb/validate.c. A local user can perform a denial of service (DoS) attack.
3) Improper locking (CVE-ID: CVE-2025-38718)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sctp_rcv() function in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.
4) Improper locking (CVE-ID: CVE-2025-39697)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_page_set_inode_ref(), nfs_page_group_lock() and nfs_inode_remove_request() functions in fs/nfs/write.c, within the nfs_page_group_unlock() function in fs/nfs/pagelist.c. A local user can perform a denial of service (DoS) attack.
5) Out-of-bounds read (CVE-ID: CVE-2025-39757)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the convert_chmap_v3() and snd_usb_get_audioformat_uac3() functions in sound/usb/stream.c. A local user can perform a denial of service (DoS) attack.
6) Input validation error (CVE-ID: CVE-2025-40300)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the vcpu_enter_guest() function in arch/x86/kvm/x86.c. A local user can perform a denial of service (DoS) attack.
7) Input validation error (CVE-ID: CVE-2023-53257)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ieee80211_rx_h_action() function in net/mac80211/rx.c. A local user can perform a denial of service (DoS) attack.
8) NULL pointer dereference (CVE-ID: CVE-2023-53232)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mt7921_mcu_parse_response() function in drivers/net/wireless/mediatek/mt76/mt7921/mcu.c. A local user can perform a denial of service (DoS) attack.
9) Input validation error (CVE-ID: CVE-2023-53297)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the l2cap_disconnect_rsp() function in net/bluetooth/l2cap_core.c. A local user can perform a denial of service (DoS) attack.
10) Buffer overflow (CVE-ID: CVE-2022-50341)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the fill_transform_hdr() and crypt_message() functions in fs/cifs/smb2ops.c. A local user can escalate privileges on the system.
11) Improper locking (CVE-ID: CVE-2023-53365)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ip6mr_cache_report() function in net/ipv6/ip6mr.c. A local user can perform a denial of service (DoS) attack.
12) NULL pointer dereference (CVE-ID: CVE-2022-50356)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sfb_reset() function in net/sched/sch_sfb.c. A local user can perform a denial of service (DoS) attack.
13) NULL pointer dereference (CVE-ID: CVE-2023-53354)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the skb_segment() function in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.
14) Improper locking (CVE-ID: CVE-2023-53393)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the do_get_hw_stats() function in drivers/infiniband/hw/mlx5/counters.c. A local user can perform a denial of service (DoS) attack.
15) Use-after-free (CVE-ID: CVE-2022-50386)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_connect_create_rsp() function in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.
16) Out-of-bounds read (CVE-ID: CVE-2022-50403)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fs/ext4/ext4.h. A local user can perform a denial of service (DoS) attack.
17) Buffer overflow (CVE-ID: CVE-2022-50410)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nfsd_proc_read() function in fs/nfsd/nfsproc.c. A local user can escalate privileges on the system.
18) Improper error handling (CVE-ID: CVE-2025-39883)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the unpoison_memory() function in mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.