SB2025122256 - Red Hat Enterprise Linux 7 Extended Lifecycle Support update for kernel 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025122256

SB2025122256 - Red Hat Enterprise Linux 7 Extended Lifecycle Support update for kernel

Published: December 22, 2025

Security Bulletin ID SB2025122256
Severity
Low
Patch available
YES
Number of vulnerabilities 11
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2025-38729)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the validate_uac3_feature_unit() and FUNC() functions in sound/usb/validate.c. A local user can perform a denial of service (DoS) attack.


2) Out-of-bounds read (CVE-ID: CVE-2025-39757)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the convert_chmap_v3() and snd_usb_get_audioformat_uac3() functions in sound/usb/stream.c. A local user can perform a denial of service (DoS) attack.


3) Use-after-free (CVE-ID: CVE-2023-53178)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the zswap_writeback_entry() function in mm/zswap.c. A local user can escalate privileges on the system.


4) Input validation error (CVE-ID: CVE-2023-53297)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the l2cap_disconnect_rsp() function in net/bluetooth/l2cap_core.c. A local user can perform a denial of service (DoS) attack.


5) Use-after-free (CVE-ID: CVE-2023-53322)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qla2x00_terminate_rport_io() function in drivers/scsi/qla2xxx/qla_attr.c. A local user can escalate privileges on the system.


6) Use-after-free (CVE-ID: CVE-2022-50367)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the inode_init_always() function in fs/inode.c. A local user can escalate privileges on the system.


7) NULL pointer dereference (CVE-ID: CVE-2022-50356)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sfb_reset() function in net/sched/sch_sfb.c. A local user can perform a denial of service (DoS) attack.


8) Out-of-bounds read (CVE-ID: CVE-2022-50403)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the fs/ext4/ext4.h. A local user can perform a denial of service (DoS) attack.


9) Buffer overflow (CVE-ID: CVE-2022-50410)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the nfsd_proc_read() function in fs/nfsd/nfsproc.c. A local user can escalate privileges on the system.


10) NULL pointer dereference (CVE-ID: CVE-2022-50406)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the iomap_writepage_map() function in fs/iomap/buffered-io.c. A local user can perform a denial of service (DoS) attack.


11) Resource management error (CVE-ID: CVE-2025-39955)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tcp_disconnect() function in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References