{ "threat_severity" : "Moderate", "public_date" : "2026-01-13T00:00:00Z", "bugzilla" : { "description" : "kernel: svcrdma: use rc_pageoff for memcpy byte offset", "id" : "2429116", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2429116" }, "cvss3" : { "cvss3_base_score" : "7.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-787", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nsvcrdma: use rc_pageoff for memcpy byte offset\nsvc_rdma_copy_inline_range added rc_curpage (page index) to the page\nbase instead of the byte offset rc_pageoff. Use rc_pageoff so copies\nland within the current page.\nFound by ZeroPath (https://zeropath.com)" ], "statement" : "This is an out-of-bounds write caused by using a page index (rc_curpage) as a byte offset in memcpy().\nA remote NFS/RDMA client can trigger memory corruption or kernel crashes by sending specially crafted inline data.\nIn the worst case, this breaks the memory safety assumptions of the RDMA receive path and may allow cross-object memory corruption.\nAlthough the issue is remotely triggerable, the attack vector is Adjacent (AV:A), since it requires access to an authorized NFS over RDMA fabric and cannot be exploited from the general Internet. This makes it a storage-network-level vulnerability rather than a public network exposure.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2026-02-09T00:00:00Z", "advisory" : "RHSA-2026:2282", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "kernel-0:6.12.0-124.35.1.el10_1" }, { "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support", "release_date" : "2026-04-06T00:00:00Z", "advisory" : "RHSA-2026:6692", "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0", "package" : "kernel-0:6.12.0-55.66.1.el10_0" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-02-16T00:00:00Z", "advisory" : "RHSA-2026:2722", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-611.34.1.el9_7" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2026-02-16T00:00:00Z", "advisory" : "RHSA-2026:2722", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-611.34.1.el9_7" }, { "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support", "release_date" : "2026-03-17T00:00:00Z", "advisory" : "RHSA-2026:4745", "cpe" : "cpe:/a:redhat:rhel_eus:9.6", "package" : "kernel-0:5.14.0-570.98.1.el9_6" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-68811\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-68811\nhttps://lore.kernel.org/linux-cve-announce/2026011311-CVE-2025-68811-7e46@gregkh/T" ], "name" : "CVE-2025-68811", "mitigation" : { "value" : "To mitigate this issue, prevent module rpcrdma from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.", "lang" : "en:us" }, "csaw" : false }