Security News

Cybersecurity news aggregator

🐧
MEDIUM Updates Web Discovery

redhat.com

linuxredhatkernelcve-2025-38403cve-2025-40170
  • What: Red Hat has released a security update for the kernel in Red Hat Enterprise Linux 8 to address two vulnerabilities.
  • Impact: Successful exploitation of these vulnerabilities could lead to security issues.
  • CVE: CVE-2025-38403, CVE-2025-40170
  • Affected: Red Hat Enterprise Linux 8
  • Patch: An update for kernel is now available.
Read Full Article →

Red Hat Product Errata RHSA-2026:2264 - Security Advisory Issued: 2026-02-09 Updated: 2026-02-09 RHSA-2026:2264 - Security Advisory Synopsis Moderate: kernel security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): kernel: vsock/vmci: Clear the vmci transport packet properly when initializing it (CVE-2025-38403) kernel: net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170) kernel: ipv6: use RCU in ip6_xmit() (CVE-2025-40135) kernel: ipv6: use RCU in ip6_output() (CVE-2025-40158) kernel: Linux kernel ALSA USB audio driver: Buffer overflow leading to information disclosure and denial of service (CVE-2025-40269) kernel: ext4: fix use-after-free in ext4_orphan_cleanup (CVE-2022-50673) kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349) kernel: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CVE-2026-22998) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. Affected Products Red Hat Enterprise Linux for x86_64 8 x86_64 Red Hat Enterprise Linux for IBM z Systems 8 s390x Red Hat Enterprise Linux for Power, little endian 8 ppc64le Red Hat Enterprise Linux for ARM 64 8 aarch64 Red Hat CodeReady Linux Builder for x86_64 8 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le Red Hat CodeReady Linux Builder for ARM 64 8 aarch64 Fixes BZ - 2383421 - CVE-2025-38403 kernel: vsock/vmci: Clear the vmci transport packet properly when initializing it BZ - 2414506 - CVE-2025-40170 kernel: net: use dst_dev_rcu() in sk_setup_caps() BZ - 2414521 - CVE-2025-40135 kernel: ipv6: use RCU in ip6_xmit() BZ - 2414523 - CVE-2025-40158 kernel: ipv6: use RCU in ip6_output() BZ - 2419919 - CVE-2025-40269 kernel: Linux kernel ALSA USB audio driver: Buffer overflow leading to information disclosure and denial of service BZ - 2420347 - CVE-2022-50673 kernel: ext4: fix use-after-free in ext4_orphan_cleanup BZ - 2424880 - CVE-2025-68349 kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid BZ - 2432671 - CVE-2026-22998 kernel: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec CVEs CVE-2022-50673 CVE-2025-38403 CVE-2025-40135 CVE-2025-40158 CVE-2025-40170 CVE-2025-40269 CVE-2025-68349 CVE-2026-22998 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 8 SRPM kernel-4.18.0-553.104.1.el8_10.src.rpm SHA-256: e5c1884a3fab02905beef3434aa0b97d4ebaef1368e8c09686fb156cf9d1fb5c x86_64 bpftool-4.18.0-553.104.1.el8_10.x86_64.rpm SHA-256: dbc5cadf21643d658b957fe1eb507a4224239bc5f659c6f34ab261f03d99eece bpftool-debuginfo-4.18.0-553.104.1.el8_10.x86_64.rpm SHA-256: 5cd68c45b2644e3d27a21e0e5233f28835bcb592d6ff0a0816f406618857fbcd kernel-4.18.0-553.104.1.el8_10.x86_64.rpm SHA-256: 276dda9a22716f85046697231a8c9696f9969483a10307c189eebdf857ed172e kernel-abi-stablelists-4.18.0-553.104.1.el8_10.noarch.rpm SHA-256: 4f06e9ab02d23447eecdba5d4642e720d061df6106c3073d98d3a3e730971c0a kernel-core-4.18.0-553.104.1.el8_10.x86_64.rpm SHA-256: 8cd3e19065a16d390bb71570f29316a3d2282d1d8224185ff7aedeeded821e81 kernel-cross-headers-4.18.0-553.104.1.el8_10.x86_64.rpm SHA-256: e91a69f322e8a56925363b0ac65892da0ca7edf66273587f76b886a9e786906e kernel-debug-4.18.0-553.104.1.el8_10.x86_64.rpm SHA-256: 1cb1f0a86dce5245ebebea6968297b5636ac33995b6107fa9dd81048bf52e7c1 kernel-debug-core-4.18.0-553.104.1.el8_10.x86_64.rpm SHA-256: fa4cbbe8fd69a0d134100429eb37796c0b7b07ef7c261b2473c9710eb803732d kernel-debug-debuginfo-4.18.0-553.104.1.el8_10.x86_64.rpm SHA-256: a9d81e97455e1775d210e958780cf23fafd6120f662101494353c942a621248d kernel-debug-devel-4.18.0-553.104.1.el8_10.x86_64.rpm SHA-256: 45169dd427aa143ce99826c73df1ec5686aa79394e5813091f2823b63a5dfe1d kernel-debug-modules-4.18.0-553.104.1.el8_10.x86_64.rpm SHA-256: 19c81a394925c0ec74470da410d84a289a247da02c921d1323bfe20ed395bf49 kernel-debug-modules-extra-4.18.0-553.104.1.el8_10.x86_64.rpm SHA-256: 336dd9ce1971c64553ecb709d5f9a4b2

Related Articles

HIGH Multiples vulnérabilités dans les produits IBM (20 mars 2026) CERT-FR (ANSSI) MEDIUM redhat.com Web Discovery MEDIUM Multiples vulnérabilités dans le noyau Linux de Red Hat (13 février 2026) CERT-FR (ANSSI) MEDIUM USN-8029-1: Linux kernel vulnerabilities Ubuntu Security
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn