SB2026040812 - Red Hat Enterprise Linux 8 update for kernel

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2022-49674)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the validate_region_size(), validate_raid_redundancy(), __rdev_sectors() and raid_iterate_devices() functions in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.

2) Use-after-free (CVE-ID: CVE-2025-38180)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lec_itf_walk(), lec_seq_start() and lec_seq_stop() functions in net/atm/lec.c. A local user can escalate privileges on the system.

3) Use-after-free (CVE-ID: CVE-2025-38248)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the br_multicast_port_ctx_init() function in net/bridge/br_multicast.c. A local user can escalate privileges on the system.

4) Use-after-free (CVE-ID: CVE-2026-23209)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the macvlan_common_newlink() function in drivers/net/macvlan.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2026:6961