SB2026030922 - Red Hat Enterprise Linux 9 update for kernel
Published: March 9, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2024-47727)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the handle_mmio() function in arch/x86/coco/tdx/tdx.c. A local user can perform a denial of service (DoS) attack.
2) Use-after-free (CVE-ID: CVE-2024-56603)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the can_create() function in net/can/af_can.c. A local user can escalate privileges on the system.
3) Resource management error (CVE-ID: CVE-2025-22056)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nft_tunnel_obj_geneve_init() and nft_tunnel_opts_dump() functions in net/netfilter/nft_tunnel.c. A local user can perform a denial of service (DoS) attack.
4) Use-after-free (CVE-ID: CVE-2025-38024)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rxe_cq_from_init() function in drivers/infiniband/sw/rxe/rxe_cq.c. A local user can escalate privileges on the system.
5) Use-after-free (CVE-ID: CVE-2025-38129)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the page_pool_ethtool_stats_get(), page_pool_return_page() and page_pool_scrub() functions in net/core/page_pool.c. A local user can escalate privileges on the system.
6) Use-after-free (CVE-ID: CVE-2025-38141)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dm_blk_report_zones() and dm_revalidate_zones() functions in drivers/md/dm-zone.c. A local user can escalate privileges on the system.
7) Improper locking (CVE-ID: CVE-2025-38703)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the xe_hw_fence_irq_finish() function in drivers/gpu/drm/xe/xe_hw_fence.c, within the __guc_exec_queue_fini_async() and guc_exec_queue_init() functions in drivers/gpu/drm/xe/xe_guc_submit.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.