{
  "threat_severity" : "Moderate",
  "public_date" : "2025-06-18T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: RDMA/core: Fix \"KASAN: slab-use-after-free Read in ib_register_device\" problem",
    "id" : "2373326",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2373326"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-125",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nRDMA/core: Fix \"KASAN: slab-use-after-free Read in ib_register_device\" problem\nCall Trace:\n__dump_stack lib/dump_stack.c:94 [inline]\ndump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\nprint_address_description mm/kasan/report.c:408 [inline]\nprint_report+0xc3/0x670 mm/kasan/report.c:521\nkasan_report+0xe0/0x110 mm/kasan/report.c:634\nstrlen+0x93/0xa0 lib/string.c:420\n__fortify_strlen include/linux/fortify-string.h:268 [inline]\nget_kobj_path_length lib/kobject.c:118 [inline]\nkobject_get_path+0x3f/0x2a0 lib/kobject.c:158\nkobject_uevent_env+0x289/0x1870 lib/kobject_uevent.c:545\nib_register_device drivers/infiniband/core/device.c:1472 [inline]\nib_register_device+0x8cf/0xe00 drivers/infiniband/core/device.c:1393\nrxe_register_device+0x275/0x320 drivers/infiniband/sw/rxe/rxe_verbs.c:1552\nrxe_net_add+0x8e/0xe0 drivers/infiniband/sw/rxe/rxe_net.c:550\nrxe_newlink+0x70/0x190 drivers/infiniband/sw/rxe/rxe.c:225\nnldev_newlink+0x3a3/0x680 drivers/infiniband/core/nldev.c:1796\nrdma_nl_rcv_msg+0x387/0x6e0 drivers/infiniband/core/netlink.c:195\nrdma_nl_rcv_skb.constprop.0.isra.0+0x2e5/0x450\nnetlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]\nnetlink_unicast+0x53a/0x7f0 net/netlink/af_netlink.c:1339\nnetlink_sendmsg+0x8d1/0xdd0 net/netlink/af_netlink.c:1883\nsock_sendmsg_nosec net/socket.c:712 [inline]\n__sock_sendmsg net/socket.c:727 [inline]\n____sys_sendmsg+0xa95/0xc70 net/socket.c:2566\n___sys_sendmsg+0x134/0x1d0 net/socket.c:2620\n__sys_sendmsg+0x16d/0x220 net/socket.c:2652\ndo_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0xcd/0x260 arch/x86/entry/syscall_64.c:94\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nThis problem is similar to the problem that the\ncommit 1d6a9e7449e2 (\"RDMA/core: Fix use-after-free when rename device name\")\nfixes.\nThe root cause is: the function ib_device_rename() renames the name with\nlock. But in the function kobject_uevent(), this name is accessed without\nlock protection at the same time.\nThe solution is to add the lock protection when this name is accessed in\nthe function kobject_uevent()." ],
  "statement" : "This is a Moderate flaw, a use-after-free was found in the Linux kernel's RDMA core, specifically in the handling of device name renaming due to a race problem. This vulnerability could lead to a system crash or potential information disclosure. Red Hat Enterprise Linux 8, 9, and 10 are affected by this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-02-02T00:00:00Z",
    "advisory" : "RHSA-2026:1690",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "kernel-0:6.12.0-124.31.1.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-02-02T00:00:00Z",
    "advisory" : "RHSA-2026:1661",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-553.100.1.rt7.441.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-02-02T00:00:00Z",
    "advisory" : "RHSA-2026:1662",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.100.1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2026-02-26T00:00:00Z",
    "advisory" : "RHSA-2026:3388",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.2",
    "package" : "kernel-0:4.18.0-193.187.1.el8_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2026-02-25T00:00:00Z",
    "advisory" : "RHSA-2026:3360",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.4",
    "package" : "kernel-0:4.18.0-305.186.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2026-02-25T00:00:00Z",
    "advisory" : "RHSA-2026:3360",
    "cpe" : "cpe:/o:redhat:rhel_eus_long_life:8.4",
    "package" : "kernel-0:4.18.0-305.186.1.el8_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2026-02-25T00:00:00Z",
    "advisory" : "RHSA-2026:3268",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.6",
    "package" : "kernel-0:4.18.0-372.181.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2026-02-25T00:00:00Z",
    "advisory" : "RHSA-2026:3268",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.6",
    "package" : "kernel-0:4.18.0-372.181.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2026-02-25T00:00:00Z",
    "advisory" : "RHSA-2026:3268",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.6",
    "package" : "kernel-0:4.18.0-372.181.1.el8_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2026-02-11T00:00:00Z",
    "advisory" : "RHSA-2026:2535",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.8",
    "package" : "kernel-0:4.18.0-477.128.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2026-02-11T00:00:00Z",
    "advisory" : "RHSA-2026:2535",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.8",
    "package" : "kernel-0:4.18.0-477.128.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-02-09T00:00:00Z",
    "advisory" : "RHSA-2026:2212",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.30.1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-02-09T00:00:00Z",
    "advisory" : "RHSA-2026:2212",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.30.1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2026-02-25T00:00:00Z",
    "advisory" : "RHSA-2026:3293",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "kernel-0:5.14.0-70.167.1.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2026-02-25T00:00:00Z",
    "advisory" : "RHSA-2026:3375",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0::nfv",
    "package" : "kernel-rt-0:5.14.0-70.167.1.rt21.239.el9_0"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-02-11T00:00:00Z",
    "advisory" : "RHSA-2026:2560",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "kernel-0:5.14.0-284.156.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-02-11T00:00:00Z",
    "advisory" : "RHSA-2026:2583",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2::nfv",
    "package" : "kernel-rt-0:5.14.0-284.156.1.rt14.441.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-02-12T00:00:00Z",
    "advisory" : "RHSA-2026:2594",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "kernel-0:5.14.0-427.110.1.el9_4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-02-09T00:00:00Z",
    "advisory" : "RHSA-2026:2352",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "kernel-0:5.14.0-570.86.1.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-38022\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-38022\nhttps://lore.kernel.org/linux-cve-announce/2025061846-CVE-2025-38022-41b3@gregkh/T" ],
  "name" : "CVE-2025-38022",
  "csaw" : false
}