RHEL 10 : kernel (RHSA-2025:20095)

medium Nessus Plugin ID 274759

Language:

Synopsis

The remote Red Hat host is missing one or more security updates for kernel.

Description

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:20095 advisory.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466) (CVE-2024-53241)

* kernel: exfat: fix out-of-bounds access of directory entries (CVE-2024-53147)

* kernel: zram: fix NULL pointer in comp_algorithm_show() (CVE-2024-53222)

* kernel: nfsd: release svc_expkey/svc_export with rcu_work (CVE-2024-53216)

* kernel: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (CVE-2024-56662)

* kernel: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (CVE-2024-56675)

* kernel: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (CVE-2024-56690)

* kernel: igb: Fix potential invalid memory access in igb_init_module() (CVE-2024-52332)

* kernel: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (CVE-2024-57901)

* kernel: af_packet: fix vlan_get_tci() vs MSG_PEEK (CVE-2024-57902)

* kernel: io_uring/sqpoll: zero sqd->thread on tctx errors (CVE-2025-21633)

* kernel: ipvlan: Fix use-after-free in ipvlan_get_iflink(). (CVE-2025-21652)

* kernel: sched: sch_cake: add bounds checks to host bulk flow fairness counts (CVE-2025-21647)

* kernel: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (CVE-2025-21655)

* kernel: netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled (CVE-2024-57941)

* kernel: netfs: Fix ceph copy to cache on write-begin (CVE-2024-57942)

* kernel: zram: fix potential UAF of zram table (CVE-2025-21671)

* kernel: pktgen: Avoid out-of-bounds access in get_imix_entries (CVE-2025-21680)

* kernel: mm: zswap: properly synchronize freeing resources during CPU hotunplug (CVE-2025-21693)

* kernel: cachestat: fix page cache statistics permission checking (CVE-2025-21691)

* kernel: mm: clear uffd-wp PTE/PMD state on mremap() (CVE-2025-21696)

* kernel: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702)

* kernel: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (CVE-2025-21732)

* kernel: NFSD: fix hang in nfsd4_shutdown_callback (CVE-2025-21795)

* kernel: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() (CVE-2024-54456)

* kernel: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() (CVE-2024-57987)

* kernel: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (CVE-2024-58014)

* kernel: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() (CVE-2024-57988)

* kernel: drm/xe/tracing: Fix a potential TP_printk UAF (CVE-2024-49570)

* kernel: media: intel/ipu6: remove cpu latency qos request on error (CVE-2024-58004)

* kernel: usbnet: ipheth: use static NDP16 location in URB (CVE-2025-21742)

* kernel: usbnet: ipheth: fix possible overflow in DPE length check (CVE-2025-21743)

* kernel: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links (CVE-2024-57989)

* kernel: wifi: ath12k: Fix for out-of bound access error (CVE-2024-58015)

* kernel: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995)

* kernel: nfsd: clear acl_access/acl_default after releasing them (CVE-2025-21796)

* kernel: workqueue: Put the pwq after detaching the rescuer from the pool (CVE-2025-21786)

* kernel: tpm: Change to kvalloc() in eventlog/acpi.c (CVE-2024-58005)

* kernel: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (CVE-2024-58013)

* kernel: ring-buffer: Validate the persistent meta data subbuf array (CVE-2025-21777)

* kernel: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (CVE-2025-21738)

* kernel: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (CVE-2024-57986)

* kernel: padata: avoid UAF for reorder_work (CVE-2025-21726)

* kernel: vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791)

* kernel: HID: multitouch: Add NULL check in mt_input_configured (CVE-2024-58020)

* kernel: i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition (CVE-2024-57984)

* kernel: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (CVE-2025-21761)

* kernel: sched_ext: Fix incorrect autogroup migration detection (CVE-2025-21771)

* kernel: usb: xhci: Fix NULL pointer dereference on certain command aborts (CVE-2024-57981)

* kernel: memcg: fix soft lockup in the OOM process (CVE-2024-57977)

* kernel: vxlan: check vxlan_vnigroup_init() return value (CVE-2025-21790)

* kernel: usbnet: ipheth: fix DPE OoB read (CVE-2025-21741)

* kernel: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (CVE-2025-21785)

* kernel: ipv6: use RCU protection in ip6_default_advmss() (CVE-2025-21765)

* kernel: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (CVE-2024-58006)

* kernel: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (CVE-2024-58012)

* kernel: wifi: brcmfmac: Check the return value of of_property_read_string_index() (CVE-2025-21750)

* kernel: wifi: rtlwifi: remove unused check_buddy_priv (CVE-2024-58072)

* kernel: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (CVE-2024-58069)

* kernel: wifi: mac80211: prohibit deactivating all links (CVE-2024-58061)

* kernel: idpf: convert workqueues to unbound (CVE-2024-58057)

* kernel: wifi: mac80211: don't flush non-uploaded STAs (CVE-2025-21828)

* kernel: netfilter: nf_tables: reject mismatching sum of field_len with set key length (CVE-2025-21826)

* kernel: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback (CVE-2024-58077)

* kernel: crypto: tegra - do not transfer req when tegra init fails (CVE-2024-58075)

* kernel: io_uring/uring_cmd: unconditionally copy SQEs at prep time (CVE-2025-21837)

* kernel: information leak via transient execution vulnerability in some AMD processors (CVE-2024-36350)

* kernel: transient execution vulnerability in some AMD processors (CVE-2024-36357)

* kernel: net/sched: cls_api: fix error handling causing NULL dereference (CVE-2025-21857)

* kernel: bpf: Fix softlockup in arena_map_free on 64k page kernel (CVE-2025-21851)

* kernel: ibmvnic: Don't reference skb after sending to VIOS (CVE-2025-21855)

* kernel: smb: client: Add check for next_buffer in receive_encrypted_standard() (CVE-2025-21844)

* kernel: bpf: avoid holding freeze_mutex during mmap operation (CVE-2025-21853)

* kernel: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (CVE-2025-21847)

* kernel: tcp: drop secpath at the same time as we currently drop dst (CVE-2025-21864)

* kernel: bpf: Fix deadlock when freeing cgroup storage (CVE-2024-58088)

* kernel: acct: perform last write from workqueue (CVE-2025-21846)

* kernel: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() (CVE-2025-21861)

* kernel: io_uring: prevent opcode speculation (CVE-2025-21863)

* kernel: fbdev: hyperv_fb: Allow graceful removal of framebuffer (CVE-2025-21976)

* kernel: netfilter: nft_tunnel: fix geneve_opt type confusion addition (CVE-2025-22056)

* kernel: net: ppp: Add bound checking for skb data on ppp_sync_txmung (CVE-2025-37749)

* microcode_ctl: From CVEorg collector (CVE-2024-28956)

* kernel: usb: typec: ucsi: displayport: Fix NULL pointer access (CVE-2025-37994)

* kernel: wifi: ath12k: fix uaf in ath12k_core_init() (CVE-2025-38116)

* kernel: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (CVE-2025-38412)

* kernel: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (CVE-2025-38369)

* kernel: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (CVE-2025-38468)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL kernel package based on the guidance in RHSA-2025:20095.

Plugin Details

Severity: Medium

ID: 274759

File Name: redhat-RHSA-2025-20095.nasl

Version: 1.1

Type: local

Agent: unix

Family: Red Hat Local Security Checks

Published: 11/11/2025

Updated: 11/11/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-22056

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 5.7

Threat Score: 1.9

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2024-28956

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-debug, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:perf, p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel, p-cpe:/a:redhat:enterprise_linux:kernel-tools, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs, p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-modules, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra, p-cpe:/a:redhat:enterprise_linux:python3-perf, p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k, p-cpe:/a:redhat:enterprise_linux:kernel-64k-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-64k-devel, p-cpe:/a:redhat:enterprise_linux:kernel-64k-devel-matched, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-64k-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-debug-uki-virt, p-cpe:/a:redhat:enterprise_linux:kernel-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-uki-virt, p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-core, p-cpe:/a:redhat:enterprise_linux:rtla, p-cpe:/a:redhat:enterprise_linux:libperf, p-cpe:/a:redhat:enterprise_linux:rv, p-cpe:/a:redhat:enterprise_linux:kernel-uki-virt-addons, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-debug-modules-extra, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-core, p-cpe:/a:redhat:enterprise_linux:kernel-rt-64k-modules-extra, cpe:/o:redhat:enterprise_linux:10.1, p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra-matched

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 11/11/2025

Vulnerability Publication Date: 12/12/2023

Reference Information

CVE: CVE-2024-28956, CVE-2024-36350, CVE-2024-36357, CVE-2024-49570, CVE-2024-52332, CVE-2024-53147, CVE-2024-53216, CVE-2024-53222, CVE-2024-53241, CVE-2024-54456, CVE-2024-56662, CVE-2024-56675, CVE-2024-56690, CVE-2024-57901, CVE-2024-57902, CVE-2024-57941, CVE-2024-57942, CVE-2024-57977, CVE-2024-57981, CVE-2024-57984, CVE-2024-57986, CVE-2024-57987, CVE-2024-57988, CVE-2024-57989, CVE-2024-57995, CVE-2024-58004, CVE-2024-58005, CVE-2024-58006, CVE-2024-58012, CVE-2024-58013, CVE-2024-58014, CVE-2024-58015, CVE-2024-58020, CVE-2024-58057, CVE-2024-58061, CVE-2024-58069, CVE-2024-58072, CVE-2024-58075, CVE-2024-58077, CVE-2024-58088, CVE-2025-21647, CVE-2025-21652, CVE-2025-21655, CVE-2025-21671, CVE-2025-21680, CVE-2025-21691, CVE-2025-21693, CVE-2025-21696, CVE-2025-21702, CVE-2025-21726, CVE-2025-21732, CVE-2025-21738, CVE-2025-21741, CVE-2025-21742, CVE-2025-21743, CVE-2025-21750, CVE-2025-21761, CVE-2025-21765, CVE-2025-21771, CVE-2025-21777, CVE-2025-21785, CVE-2025-21786, CVE-2025-21790, CVE-2025-21791, CVE-2025-21795, CVE-2025-21796, CVE-2025-21826, CVE-2025-21828, CVE-2025-21844, CVE-2025-21846, CVE-2025-21847, CVE-2025-21851, CVE-2025-21853, CVE-2025-21855, CVE-2025-21857, CVE-2025-21861, CVE-2025-21863, CVE-2025-21864, CVE-2025-21976, CVE-2025-22056, CVE-2025-37749, CVE-2025-37994, CVE-2025-38116, CVE-2025-38369, CVE-2025-38412, CVE-2025-38468

CWE: 119, 120, 125, 129, 1421, 20, 252, 362, 400, 414, 416, 438, 476, 667, 682, 703, 754, 787, 833, 863, 99

RHSA: 2025:20095

Detections

Analytics