SB2026040118 - Multiple vulnerabilities in IBM QRadar SIEM

Description

This security bulletin contains information about 10 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2025-38129)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the page_pool_ethtool_stats_get(), page_pool_return_page() and page_pool_scrub() functions in net/core/page_pool.c. A local user can escalate privileges on the system.

2) Use-after-free (CVE-ID: CVE-2025-38248)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the br_multicast_port_ctx_init() function in net/bridge/br_multicast.c. A local user can escalate privileges on the system.

3) Use-after-free (CVE-ID: CVE-2025-40064)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smc_pnet_find_ism_by_pnetid() function in net/smc/smc_pnet.c. A local user can escalate privileges on the system.

4) Use-after-free (CVE-ID: CVE-2025-68800)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mlxsw_sp_mr_route_add() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c. A local user can escalate privileges on the system.

5) Use-after-free (CVE-ID: CVE-2026-23074)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the teql_qdisc_init() function in net/sched/sch_teql.c. A local user can escalate privileges on the system.

6) Out-of-bounds write (CVE-ID: CVE-2025-69419)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error within the PKCS12_get_friendlyname() function when parsing PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point. A remote attacker can pass a specially crafted PKCS#12 file to the application, trigger an out-of-bounds write and perform a denial of service attack.

7) Integer overflow (CVE-ID: CVE-2025-12818)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in multiple PostgreSQL libpq client library functions. A remote user can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

8) Resource management error (CVE-ID: CVE-2025-71085)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the calipso_skbuff_setattr() function in net/ipv6/calipso.c. A local user can perform a denial of service (DoS) attack.

9) Use-after-free (CVE-ID: CVE-2026-23001)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the macvlan_hash_lookup_source(), macvlan_hash_add_source(), macvlan_hash_add(), macvlan_flush_sources(), macvlan_forward_source() and macvlan_fill_info_macaddr() functions in drivers/net/macvlan.c. A local user can escalate privileges on the system.

10) Improper locking (CVE-ID: CVE-2026-23097)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the unmap_and_move_huge_page() function in mm/migrate.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/support/pages/node/7268179