- Issued:
- 2025-11-18
- Updated:
- 2025-11-18
RHSA-2025:21667 - Security Advisory
Synopsis
Moderate: kernel security update
Type/Severity
Security Advisory: Moderate
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
- kernel: nfsd: don't ignore the return code of svc_proc_register() (CVE-2025-22026)
- kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling (CVE-2025-37797)
- kernel: net: usb: smsc75xx: Limit packet length to skb->len (CVE-2023-53125)
- kernel: ALSA: bcd2000: Fix a UAF bug on the error path of probing (CVE-2022-50229)
- kernel: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 (CVE-2022-50228)
- kernel: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (CVE-2022-50087)
- kernel: drm/amd/display: clear optc underflow before turn off odm clock (CVE-2022-49969)
- kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085)
- kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (CVE-2025-38159)
- kernel: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (CVE-2025-38200)
- kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (CVE-2025-38211)
- kernel: scsi: lpfc: Use memcpy() for BIOS version (CVE-2025-38332)
- kernel: drm/gem: Acquire references on GEM handles for framebuffers (CVE-2025-38449)
- kernel: net/sched: sch_qfq: Fix race condition on qfq_aggregate (CVE-2025-38477)
- kernel: do_change_type(): refuse to operate on unmounted/not ours mounts (CVE-2025-38498)
- kernel: smb: client: fix use-after-free in cifs_oplock_break (CVE-2025-38527)
- kernel: HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556)
- kernel: tls: separate no-async decryption request handling from async (CVE-2024-58240)
- kernel: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CVE-2025-39730)
- kernel: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (CVE-2025-39751)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
Fixes
- BZ - 2360224 - CVE-2025-22026 kernel: nfsd: don't ignore the return code of svc_proc_register()
- BZ - 2363672 - CVE-2025-37797 kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling
- BZ - 2363686 - CVE-2023-53125 kernel: net: usb: smsc75xx: Limit packet length to skb->len
- BZ - 2373460 - CVE-2022-50229 kernel: ALSA: bcd2000: Fix a UAF bug on the error path of probing
- BZ - 2373529 - CVE-2022-50228 kernel: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
- BZ - 2373539 - CVE-2022-50087 kernel: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
- BZ - 2373635 - CVE-2022-49969 kernel: drm/amd/display: clear optc underflow before turn off odm clock
- BZ - 2375304 - CVE-2025-38085 kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
- BZ - 2376064 - CVE-2025-38159 kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
- BZ - 2376392 - CVE-2025-38200 kernel: i40e: fix MMIO write access to an invalid page in i40e_clear_hw
- BZ - 2376406 - CVE-2025-38211 kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
- BZ - 2379246 - CVE-2025-38332 kernel: scsi: lpfc: Use memcpy() for BIOS version
- BZ - 2383519 - CVE-2025-38449 kernel: drm/gem: Acquire references on GEM handles for framebuffers
- BZ - 2383922 - CVE-2025-38477 kernel: net/sched: sch_qfq: Fix race condition on qfq_aggregate
- BZ - 2384422 - CVE-2025-38498 kernel: do_change_type(): refuse to operate on unmounted/not ours mounts
- BZ - 2388928 - CVE-2025-38527 kernel: smb: client: fix use-after-free in cifs_oplock_break
- BZ - 2389456 - CVE-2025-38556 kernel: HID: core: Harden s32ton() against conversion to 0 bits
- BZ - 2391431 - CVE-2024-58240 kernel: tls: separate no-async decryption request handling from async
- BZ - 2393731 - CVE-2025-39730 kernel: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
- BZ - 2394624 - CVE-2025-39751 kernel: Linux kernel ALSA hda/ca0132 buffer overflow
CVEs
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux Server - AUS 8.2
| SRPM | |
|---|---|
| kernel-4.18.0-193.173.1.el8_2.src.rpm | SHA-256: 5477572740de1195d852378bba8e868bae7d41de814875fc614531d8d9110657 |
| x86_64 | |
| bpftool-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: 446347c4a5826187ddcf4a4c3e60640325b10d52abf71da8e0c53a51bb1a955e |
| bpftool-debuginfo-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: 8afa9f9989535f3af3df7dabc41137dcbc6905126d3de0f5a84cacc74fac3161 |
| kernel-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: c64f6a3f60619ac33c6df44e82f1d8cc984c4afc1c4af6f25eff482a7e050eb1 |
| kernel-abi-whitelists-4.18.0-193.173.1.el8_2.noarch.rpm | SHA-256: cb2ab0f1c878d3df217eabb82793c7bdeba442405e7de0177b5a44a558813d74 |
| kernel-core-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: fc881e6d99912fd8114af46ba0120f709daba38d4ad9ed0952a48ce053eef55d |
| kernel-cross-headers-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: 7024eab077fd7c5209c1f63ba70d029771ca55cffd4ea0c5a5b2cca434fb8499 |
| kernel-debug-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: fa5b769cea2d1a5234d313e1d6c0510e5d776cf241e62d2537e23dc7bd13817f |
| kernel-debug-core-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: bf73079f70342932858b319fa14864605b820ca6a08f30a4658d7799dc4fc73b |
| kernel-debug-debuginfo-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: 532f7793fc8bf84ebe57c5ecf339ee0a1cbf6effc77a1c5949a39996be7ed0b9 |
| kernel-debug-devel-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: 00cef7ddde02e1d06d7f22456db09f8759c5d5b6fd6fa6a6dc6cfa02ed917979 |
| kernel-debug-modules-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: 67208ecad30a5de9c11bee826f280fa5c48f2a0fc3b8a939d842a3a0c7676f86 |
| kernel-debug-modules-extra-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: c5b04c7088b0caee48527dfb0c38b18299179e8e88827bab34863d64cc577413 |
| kernel-debuginfo-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: 4b2c5155376b857c157ba3eeae6c3b6140b2795f4861c312eca317907e0b7e2f |
| kernel-debuginfo-common-x86_64-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: 558d0db430d07f408300ed943be284f83a2fe1576a4b100d47c7908f20c2e171 |
| kernel-devel-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: 199cfd5e4b637c3cbf8b7bd205c0b1528784db312045ebfc7e30fd2fe131b916 |
| kernel-doc-4.18.0-193.173.1.el8_2.noarch.rpm | SHA-256: 28d6eb4a2808f5f83d6ed55ecab96b6439a2426efbd05190ae57ac3a1963df1f |
| kernel-headers-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: 98a1108b635070e9922aa4cf74823c4564680b1adcbeaf9981e2320ec7218797 |
| kernel-modules-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: ea5ecd867cecfba2431284c70c207216dd06431b3520a849ffaddb6966088ab7 |
| kernel-modules-extra-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: 514827c58666934f17bcd91cd9e50e1a4a109195ec0707e17345150e88dc7725 |
| kernel-tools-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: 82cf94a68f856a768bfa1c1ff915ec838fb2848d33f40a6032e22dbbf04a753f |
| kernel-tools-debuginfo-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: 3812a8bc1d1c90cc4249918960ece3fbd664c38ae0fee5a66c5e5faf257cd016 |
| kernel-tools-libs-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: 90918b1ac44cd5ea416c10d7c6ecb206438c13ef62812fa7f0d40199bcfa52c2 |
| perf-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: bb5ae3c5a0011e908b1e414d7456ceffcf56de9d70b042e4f7748a3eb92fa0f4 |
| perf-debuginfo-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: 5fe74e617d470bbca2829263b17b53b8262a78d0c0a7459eac5fbadda60b385b |
| python3-perf-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: 22acf1b9cac8205811e01652297264497fb692fcc029afd81ff0b9774ffc9f71 |
| python3-perf-debuginfo-4.18.0-193.173.1.el8_2.x86_64.rpm | SHA-256: cbe30359123096a3fc05893cf1ea9e6bc212dcec1fd2aff17539525835497aa6 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
