Red Hat Product Errata RHSA-2025:22752 - Security Advisory
Issued:
2025-12-04
Updated:
2025-12-04

RHSA-2025:22752 - Security Advisory

Synopsis

Moderate: kernel security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: ALSA: usb-audio: ALSA USB Audio Out-of-Bounds Bug (CVE-2022-48701)
  • kernel: nfsd: don't ignore the return code of svc_proc_register() (CVE-2025-22026)
  • kernel: udp: Fix memory accounting leak. (CVE-2025-22058)
  • kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling (CVE-2025-37797)
  • kernel: net: usb: smsc75xx: Limit packet length to skb->len (CVE-2023-53125)
  • kernel: net_sched: ets: Fix double list add in class with netem as child qdisc (CVE-2025-37914)
  • kernel: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf() (CVE-2022-50050)
  • kernel: mptcp: do not queue data on closed subflows (CVE-2022-50070)
  • kernel: ALSA: bcd2000: Fix a UAF bug on the error path of probing (CVE-2022-50229)
  • kernel: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 (CVE-2022-50228)
  • kernel: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (CVE-2022-50087)
  • kernel: bpf: Don't use tnum_range on array range checking for poke descriptors (CVE-2022-49985)
  • kernel: drm/amd/display: clear optc underflow before turn off odm clock (CVE-2022-49969)
  • kernel: md-raid10: fix KASAN warning (CVE-2022-50211)
  • kernel: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (CVE-2025-38200)
  • kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (CVE-2025-38211)
  • kernel: scsi: lpfc: Use memcpy() for BIOS version (CVE-2025-38332)
  • kernel: vsock: Fix transport_* TOCTOU (CVE-2025-38461)
  • kernel: drm/gem: Acquire references on GEM handles for framebuffers (CVE-2025-38449)
  • kernel: net/sched: sch_qfq: Fix race condition on qfq_aggregate (CVE-2025-38477)
  • kernel: do_change_type(): refuse to operate on unmounted/not ours mounts (CVE-2025-38498)
  • kernel: smb: client: fix use-after-free in cifs_oplock_break (CVE-2025-38527)
  • kernel: HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556)
  • kernel: tls: separate no-async decryption request handling from async (CVE-2024-58240)
  • kernel: NFS: Fix a race when updating an existing write (CVE-2025-39697)
  • kernel: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CVE-2025-39730)
  • kernel: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (CVE-2025-39751)
  • kernel: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (CVE-2023-53213)
  • kernel: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes (CVE-2023-53185)
  • kernel: mm: fix zswap writeback race condition (CVE-2023-53178)
  • kernel: Bluetooth: L2CAP: Fix use-after-free (CVE-2023-53305)
  • kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-50367)
  • kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails (CVE-2022-50356)
  • kernel: skbuff: skb_segment, Call zero copy functions before using skbuff frags (CVE-2023-53354)
  • kernel: crypto: seqiv - Handle EBUSY correctly (CVE-2023-53373)
  • kernel: Bluetooth: Fix potential use-after-free when clear keys (CVE-2023-53386)
  • kernel: Bluetooth: L2CAP: Fix user-after-free (CVE-2022-50386)
  • kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values (CVE-2022-50403)
  • kernel: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (CVE-2022-50408)
  • kernel: NFSD: Protect against send buffer overflow in NFSv2 READ (CVE-2022-50410)
  • kernel: wifi: cfg80211: fix use-after-free in cmp_bss() (CVE-2025-39864)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64

Fixes

  • BZ - 2278950 - CVE-2022-48701 kernel: ALSA: usb-audio: ALSA USB Audio Out-of-Bounds Bug
  • BZ - 2360224 - CVE-2025-22026 kernel: nfsd: don't ignore the return code of svc_proc_register()
  • BZ - 2360276 - CVE-2025-22058 kernel: udp: Fix memory accounting leak.
  • BZ - 2363672 - CVE-2025-37797 kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling
  • BZ - 2363686 - CVE-2023-53125 kernel: net: usb: smsc75xx: Limit packet length to skb->len
  • BZ - 2367500 - CVE-2025-37914 kernel: net_sched: ets: Fix double list add in class with netem as child qdisc
  • BZ - 2373423 - CVE-2022-50050 kernel: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()
  • BZ - 2373435 - CVE-2022-50070 kernel: mptcp: do not queue data on closed subflows
  • BZ - 2373460 - CVE-2022-50229 kernel: ALSA: bcd2000: Fix a UAF bug on the error path of probing
  • BZ - 2373529 - CVE-2022-50228 kernel: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
  • BZ - 2373539 - CVE-2022-50087 kernel: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
  • BZ - 2373540 - CVE-2022-49985 kernel: bpf: Don't use tnum_range on array range checking for poke descriptors
  • BZ - 2373635 - CVE-2022-49969 kernel: drm/amd/display: clear optc underflow before turn off odm clock
  • BZ - 2373662 - CVE-2022-50211 kernel: md-raid10: fix KASAN warning
  • BZ - 2376392 - CVE-2025-38200 kernel: i40e: fix MMIO write access to an invalid page in i40e_clear_hw
  • BZ - 2376406 - CVE-2025-38211 kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
  • BZ - 2379246 - CVE-2025-38332 kernel: scsi: lpfc: Use memcpy() for BIOS version
  • BZ - 2383513 - CVE-2025-38461 kernel: vsock: Fix transport_* TOCTOU
  • BZ - 2383519 - CVE-2025-38449 kernel: drm/gem: Acquire references on GEM handles for framebuffers
  • BZ - 2383922 - CVE-2025-38477 kernel: net/sched: sch_qfq: Fix race condition on qfq_aggregate
  • BZ - 2384422 - CVE-2025-38498 kernel: do_change_type(): refuse to operate on unmounted/not ours mounts
  • BZ - 2388928 - CVE-2025-38527 kernel: smb: client: fix use-after-free in cifs_oplock_break
  • BZ - 2389456 - CVE-2025-38556 kernel: HID: core: Harden s32ton() against conversion to 0 bits
  • BZ - 2391431 - CVE-2024-58240 kernel: tls: separate no-async decryption request handling from async
  • BZ - 2393481 - CVE-2025-39697 kernel: NFS: Fix a race when updating an existing write
  • BZ - 2393731 - CVE-2025-39730 kernel: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
  • BZ - 2394624 - CVE-2025-39751 kernel: Linux kernel ALSA hda/ca0132 buffer overflow
  • BZ - 2395267 - CVE-2023-53213 kernel: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
  • BZ - 2395297 - CVE-2023-53185 kernel: wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
  • BZ - 2395358 - CVE-2023-53178 kernel: mm: fix zswap writeback race condition
  • BZ - 2395858 - CVE-2023-53305 kernel: Bluetooth: L2CAP: Fix use-after-free
  • BZ - 2396114 - CVE-2022-50367 kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy
  • BZ - 2396152 - CVE-2022-50356 kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails
  • BZ - 2396158 - CVE-2023-53354 kernel: skbuff: skb_segment, Call zero copy functions before using skbuff frags
  • BZ - 2396379 - CVE-2023-53373 kernel: crypto: seqiv - Handle EBUSY correctly
  • BZ - 2396419 - CVE-2023-53386 kernel: Bluetooth: Fix potential use-after-free when clear keys
  • BZ - 2396431 - CVE-2022-50386 kernel: Bluetooth: L2CAP: Fix user-after-free
  • BZ - 2396494 - CVE-2022-50403 kernel: ext4: fix undefined behavior in bit shift for ext4_check_flag_values
  • BZ - 2396506 - CVE-2022-50408 kernel: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
  • BZ - 2396536 - CVE-2022-50410 kernel: NFSD: Protect against send buffer overflow in NFSv2 READ
  • BZ - 2396934 - CVE-2025-39864 kernel: wifi: cfg80211: fix use-after-free in cmp_bss()

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4

SRPM
kernel-4.18.0-305.179.1.el8_4.src.rpm SHA-256: d675242431aa932e34bcd3e95305a87fed7eca86f512c9430c5903db7f0993cf
x86_64
bpftool-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 4b9481914b92a6f958979a337b47b126117907d6fa6168937bf3dd28c47f7f86
bpftool-debuginfo-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: ea3c8e4dc3d77936022bcf56f282b5596b3a8f46f4aa7c05c3eefcc914c6d2ca
kernel-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 80385899a26d8c3c397d7f8a4bfa2ffe03c19ecd129b4e6f285381f5b6e3d650
kernel-abi-stablelists-4.18.0-305.179.1.el8_4.noarch.rpm SHA-256: cb5e150b4493a93eaa17b37e46aa649129cafaba1325d287813421ef4bb230c6
kernel-core-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 6deefdf41799bafb86a59b35ede226c81a7969f8406a1b2c15cb6468838f7e43
kernel-cross-headers-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 510bb299af4ab730c65fb4bbab9165d042a2fc6d9ee1cbaecaff23dee88ef27e
kernel-debug-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 7114465c87711fc068d210f5384d5040d387ffac9994fed29ec429bc4f81a564
kernel-debug-core-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: ca73763382eeb43281c201220624ede5a4fa0d97aa11f9ccb490b2b7419b33fe
kernel-debug-debuginfo-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 570bf62a8a98414be93fb2c44c9afaaf92e476102a946f859981d48f712e0b2e
kernel-debug-devel-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: f8fcec7aba7fb8a2e09c1f26e9a128a92768941e6883ba05c97cd9034ed21e5a
kernel-debug-modules-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 745eb271fc1341c98e45aa6b4fc81524f2bbbbc96a7af2af03d825657eb1db65
kernel-debug-modules-extra-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: aadab22b1b148dca525d64d7c272c20bce47356096eb5ccbf1796420c8c76d55
kernel-debuginfo-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 26ec8c13afdd399a2969fa101482c4bdf98474c629c39f138e26fae4e2a49ce8
kernel-debuginfo-common-x86_64-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 0659e105b393a69cff8955d12bb88d3b7ae4af48a21c958de15aa5d2dc9902cb
kernel-devel-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 278036e2c2e24b0838d6d3ce8124fccac6e08ca34291a6486d95963e8eaa7723
kernel-doc-4.18.0-305.179.1.el8_4.noarch.rpm SHA-256: 188211daab17c485645237bf1520efb01176dba1ff2df2cd17cdacad03e9cf76
kernel-headers-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 825b0e889f51aadd25a34f6b0909b58ab70862bcf0f11a8624099d91803b5928
kernel-modules-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 9f4d0e2257064f8fa64300a88b9ebff8ac86c94c7cbba44a3aaa2cbc01ca03b3
kernel-modules-extra-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: b0fd81115376d3d3a11aa8c3bc7b217dbf12a6891ff3f6a11e9a78ead9cb236c
kernel-tools-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 92a20ed1c4f271cd9a4f70af4130a4f57b81e13fdb03b965b09d8318a0fd1eb8
kernel-tools-debuginfo-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: c3123f525e808507a58ab862374f8e5912456464970af71c82b486a6c38d4ba1
kernel-tools-libs-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 18c4be9237912fedc3fbd60673b91be1f4f948878272968c39c8e82333040a3f
perf-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 4cb8da2182471c23e4d3f1dc2aa9c526c4c413ba9e3e0710514a6a4f1384c0d2
perf-debuginfo-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: c0f06e99d7a8b7d1ef0e8495f71d65455648c2ba879660a4080d1a97d3db1d65
python3-perf-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: aab5fc2916b60f98808598828c7854af871668fcbe16fe057ccf08584d2cc3fa
python3-perf-debuginfo-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 6c9b28477e8584a9686c832b03c1f9ec120862aa6648d617decb59d9fe4ccb39

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
kernel-4.18.0-305.179.1.el8_4.src.rpm SHA-256: d675242431aa932e34bcd3e95305a87fed7eca86f512c9430c5903db7f0993cf
x86_64
bpftool-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 4b9481914b92a6f958979a337b47b126117907d6fa6168937bf3dd28c47f7f86
bpftool-debuginfo-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: ea3c8e4dc3d77936022bcf56f282b5596b3a8f46f4aa7c05c3eefcc914c6d2ca
kernel-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 80385899a26d8c3c397d7f8a4bfa2ffe03c19ecd129b4e6f285381f5b6e3d650
kernel-abi-stablelists-4.18.0-305.179.1.el8_4.noarch.rpm SHA-256: cb5e150b4493a93eaa17b37e46aa649129cafaba1325d287813421ef4bb230c6
kernel-core-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 6deefdf41799bafb86a59b35ede226c81a7969f8406a1b2c15cb6468838f7e43
kernel-cross-headers-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 510bb299af4ab730c65fb4bbab9165d042a2fc6d9ee1cbaecaff23dee88ef27e
kernel-debug-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 7114465c87711fc068d210f5384d5040d387ffac9994fed29ec429bc4f81a564
kernel-debug-core-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: ca73763382eeb43281c201220624ede5a4fa0d97aa11f9ccb490b2b7419b33fe
kernel-debug-debuginfo-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 570bf62a8a98414be93fb2c44c9afaaf92e476102a946f859981d48f712e0b2e
kernel-debug-devel-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: f8fcec7aba7fb8a2e09c1f26e9a128a92768941e6883ba05c97cd9034ed21e5a
kernel-debug-modules-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 745eb271fc1341c98e45aa6b4fc81524f2bbbbc96a7af2af03d825657eb1db65
kernel-debug-modules-extra-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: aadab22b1b148dca525d64d7c272c20bce47356096eb5ccbf1796420c8c76d55
kernel-debuginfo-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 26ec8c13afdd399a2969fa101482c4bdf98474c629c39f138e26fae4e2a49ce8
kernel-debuginfo-common-x86_64-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 0659e105b393a69cff8955d12bb88d3b7ae4af48a21c958de15aa5d2dc9902cb
kernel-devel-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 278036e2c2e24b0838d6d3ce8124fccac6e08ca34291a6486d95963e8eaa7723
kernel-doc-4.18.0-305.179.1.el8_4.noarch.rpm SHA-256: 188211daab17c485645237bf1520efb01176dba1ff2df2cd17cdacad03e9cf76
kernel-headers-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 825b0e889f51aadd25a34f6b0909b58ab70862bcf0f11a8624099d91803b5928
kernel-modules-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 9f4d0e2257064f8fa64300a88b9ebff8ac86c94c7cbba44a3aaa2cbc01ca03b3
kernel-modules-extra-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: b0fd81115376d3d3a11aa8c3bc7b217dbf12a6891ff3f6a11e9a78ead9cb236c
kernel-tools-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 92a20ed1c4f271cd9a4f70af4130a4f57b81e13fdb03b965b09d8318a0fd1eb8
kernel-tools-debuginfo-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: c3123f525e808507a58ab862374f8e5912456464970af71c82b486a6c38d4ba1
kernel-tools-libs-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 18c4be9237912fedc3fbd60673b91be1f4f948878272968c39c8e82333040a3f
perf-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 4cb8da2182471c23e4d3f1dc2aa9c526c4c413ba9e3e0710514a6a4f1384c0d2
perf-debuginfo-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: c0f06e99d7a8b7d1ef0e8495f71d65455648c2ba879660a4080d1a97d3db1d65
python3-perf-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: aab5fc2916b60f98808598828c7854af871668fcbe16fe057ccf08584d2cc3fa
python3-perf-debuginfo-4.18.0-305.179.1.el8_4.x86_64.rpm SHA-256: 6c9b28477e8584a9686c832b03c1f9ec120862aa6648d617decb59d9fe4ccb39

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.