Red Hat Product Errata RHSA-2025:16582 - Security Advisory
Issued:
2025-09-24
Updated:
2025-09-24

RHSA-2025:16582 - Security Advisory

Synopsis

Important: kpatch-patch-4_18_0-553_16_1, kpatch-patch-4_18_0-553_30_1, kpatch-patch-4_18_0-553_40_1, kpatch-patch-4_18_0-553_53_1, and kpatch-patch-4_18_0-553_72_1 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for multiple packages is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module is targeted for kernel-4.18.0-553.16.1.el8_10.

Security Fix(es):

  • kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CVE-2025-37890)
  • kernel: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (CVE-2025-38001)
  • kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (CVE-2025-38000)
  • kernel: net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)
  • kernel: i2c/designware: Fix an initialization issue (CVE-2025-38380)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le

Fixes

  • BZ - 2366848 - CVE-2025-37890 kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc
  • BZ - 2370776 - CVE-2025-38001 kernel: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
  • BZ - 2370786 - CVE-2025-38000 kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
  • BZ - 2382054 - CVE-2025-38350 kernel: net/sched: Always pass notifications when child class becomes empty
  • BZ - 2383381 - CVE-2025-38380 kernel: i2c/designware: Fix an initialization issue

Red Hat Enterprise Linux for x86_64 8

SRPM
kpatch-patch-4_18_0-553_16_1-1-10.el8_10.src.rpm SHA-256: c1b582f7e8ceb32c958f4b0830685dd3956005d984bea008e1634055263fb120
kpatch-patch-4_18_0-553_30_1-1-9.el8_10.src.rpm SHA-256: 637cc6acda8552287591bef3ecdcc2fccd0fcc82510f43c2c67eb374472a1e57
kpatch-patch-4_18_0-553_40_1-1-7.el8_10.src.rpm SHA-256: 5c135e3e264873e00cd5f385a5b8d49b79d05758546cd938158b1be35e7e1c8b
kpatch-patch-4_18_0-553_53_1-1-5.el8_10.src.rpm SHA-256: baaf28bdd6890b08f8bb9d1c39c02074788d641186143786cf9d251a8dfd406a
kpatch-patch-4_18_0-553_72_1-1-2.el8_10.src.rpm SHA-256: 0c388350c5e8e5eb0e861ffef74c39a3f059e806f3ccb709f7becbf0c3a8cd05
x86_64
kpatch-patch-4_18_0-553_16_1-1-10.el8_10.x86_64.rpm SHA-256: 88faf569eadc671e1df501259e69254e891cf9ceaa9f4e2d84d28c62cd58a828
kpatch-patch-4_18_0-553_16_1-debuginfo-1-10.el8_10.x86_64.rpm SHA-256: 6ad4464199c951aba928284b5f78e7c0043a71b8e251e5cfd43a07c5033383bb
kpatch-patch-4_18_0-553_16_1-debugsource-1-10.el8_10.x86_64.rpm SHA-256: d9a1f39db22f13f9abcc21b7ce868e24d8262e44f65bbf3a71e20464192e4cfb
kpatch-patch-4_18_0-553_30_1-1-9.el8_10.x86_64.rpm SHA-256: 6a6cfef964d0ea480e57e955f171f5db54921aeebada49ded3c63c2af44c4db8
kpatch-patch-4_18_0-553_30_1-debuginfo-1-9.el8_10.x86_64.rpm SHA-256: 9549cd158b3e8b8a3d7503129b1f7daf55a1bd6489722c38dcefb6019b7e4303
kpatch-patch-4_18_0-553_30_1-debugsource-1-9.el8_10.x86_64.rpm SHA-256: 11f94d77e55e8e310f3bed6f3909919100252c669823ac86d9cad551668e9159
kpatch-patch-4_18_0-553_40_1-1-7.el8_10.x86_64.rpm SHA-256: dae5051e78d66efe2e4ec50c60e8ce12c3a2f956d447286e66777e837dd8003d
kpatch-patch-4_18_0-553_40_1-debuginfo-1-7.el8_10.x86_64.rpm SHA-256: 059366af2cd46b61b5dcdcab4d8758d071a0cd3190444cc741cc96ba4f23bf4c
kpatch-patch-4_18_0-553_40_1-debugsource-1-7.el8_10.x86_64.rpm SHA-256: 032edbc224525900e666bc3fcd2ef10a97b7b7a03ac8d049f63e2d75e7239ca9
kpatch-patch-4_18_0-553_53_1-1-5.el8_10.x86_64.rpm SHA-256: 0ff3ddc81ddfc0102fa88064c9e9be12278853e0beb3c23820092fd4474f44c8
kpatch-patch-4_18_0-553_53_1-debuginfo-1-5.el8_10.x86_64.rpm SHA-256: 1b6814789280b5de4575e9dfe0e416a4e334e4a651dedb61aafd86b8e6ded6d5
kpatch-patch-4_18_0-553_53_1-debugsource-1-5.el8_10.x86_64.rpm SHA-256: ae5bf04c6064e7b918b2368c5fb84a3b51b7d6f5506e39674ae103d6223d2b04
kpatch-patch-4_18_0-553_72_1-1-2.el8_10.x86_64.rpm SHA-256: fd33646418d04d6fb2fb3c6f738aa3bcc124c4039e9e874766751397a3a1202c
kpatch-patch-4_18_0-553_72_1-debuginfo-1-2.el8_10.x86_64.rpm SHA-256: a65a3054ec05e069507d289b17efba4f2fb49bbe34fda6d80b11c521d92e4557
kpatch-patch-4_18_0-553_72_1-debugsource-1-2.el8_10.x86_64.rpm SHA-256: 3c0e05612e87ae304c0732a4bc27cd3f16fbe16bd9f4b4b1c219c0e65c7895fa

Red Hat Enterprise Linux for Power, little endian 8

SRPM
kpatch-patch-4_18_0-553_16_1-1-10.el8_10.src.rpm SHA-256: c1b582f7e8ceb32c958f4b0830685dd3956005d984bea008e1634055263fb120
kpatch-patch-4_18_0-553_30_1-1-9.el8_10.src.rpm SHA-256: 637cc6acda8552287591bef3ecdcc2fccd0fcc82510f43c2c67eb374472a1e57
kpatch-patch-4_18_0-553_40_1-1-7.el8_10.src.rpm SHA-256: 5c135e3e264873e00cd5f385a5b8d49b79d05758546cd938158b1be35e7e1c8b
kpatch-patch-4_18_0-553_53_1-1-5.el8_10.src.rpm SHA-256: baaf28bdd6890b08f8bb9d1c39c02074788d641186143786cf9d251a8dfd406a
kpatch-patch-4_18_0-553_72_1-1-2.el8_10.src.rpm SHA-256: 0c388350c5e8e5eb0e861ffef74c39a3f059e806f3ccb709f7becbf0c3a8cd05
ppc64le
kpatch-patch-4_18_0-553_16_1-1-10.el8_10.ppc64le.rpm SHA-256: 5688da6facf6c73dd3488320ddb99d1807ebd2a997df5b9892743b322fa00c45
kpatch-patch-4_18_0-553_16_1-debuginfo-1-10.el8_10.ppc64le.rpm SHA-256: e9b9cd97f301dba36db66b1c80546f298de7a3eaf8a67d404def15de285f757f
kpatch-patch-4_18_0-553_16_1-debugsource-1-10.el8_10.ppc64le.rpm SHA-256: 8a9df0741738ad6866e008108aa7f43ee84cb44a63a0f45727e03b340591b636
kpatch-patch-4_18_0-553_30_1-1-9.el8_10.ppc64le.rpm SHA-256: 7aae13fe980a580b1079f33fee24e22e9e6258f10bcddd42178ec6646776acd6
kpatch-patch-4_18_0-553_30_1-debuginfo-1-9.el8_10.ppc64le.rpm SHA-256: c2c37f576de4167a54355f57e83de29757c356cf084acbdd299d40eee26d7d5d
kpatch-patch-4_18_0-553_30_1-debugsource-1-9.el8_10.ppc64le.rpm SHA-256: 3da29a63e942f3eba1c7f3107c6ca8e4d99fd17ccaf5c32a7cb072900815e117
kpatch-patch-4_18_0-553_40_1-1-7.el8_10.ppc64le.rpm SHA-256: d1a7727fded426e26c42b1e32c086e5019604dda405cacacf29cd4da910ec949
kpatch-patch-4_18_0-553_40_1-debuginfo-1-7.el8_10.ppc64le.rpm SHA-256: cc2fd259bdf28dce602352afe260e00fd0d58e5cc8da814e06a72926771946dc
kpatch-patch-4_18_0-553_40_1-debugsource-1-7.el8_10.ppc64le.rpm SHA-256: 97fb83c728012070e330e397de40a260df9010d373ad1b17ed883ad377a0711e
kpatch-patch-4_18_0-553_53_1-1-5.el8_10.ppc64le.rpm SHA-256: 090af9064d71fb3dc7fd7793855fee34f835d847bf842e3fb7a7dfbfeb06cac8
kpatch-patch-4_18_0-553_53_1-debuginfo-1-5.el8_10.ppc64le.rpm SHA-256: 88918f3cadf578284375fc5207337215671950006825acd6488e4945dd8d734e
kpatch-patch-4_18_0-553_53_1-debugsource-1-5.el8_10.ppc64le.rpm SHA-256: 2a0ad4b2789c7da862b9e9623919566dd3b2c4606754f3c2ecc4701b6f55908e
kpatch-patch-4_18_0-553_72_1-1-2.el8_10.ppc64le.rpm SHA-256: dfe942a0beebe2f070db10a891a1e919fed79306bd0a4f1d91e849345adcc081
kpatch-patch-4_18_0-553_72_1-debuginfo-1-2.el8_10.ppc64le.rpm SHA-256: 1f48ace150c76a9d10d1e7b5215e93a8c98c96af2bbf6309a1398b9c6c660e17
kpatch-patch-4_18_0-553_72_1-debugsource-1-2.el8_10.ppc64le.rpm SHA-256: c8a1fcea46fa7b558fd3e83e0f605ae3c4d6f5f2adf704abd7970d0c12590443

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.