- kernel-4.18.0-553.70.1.el8_10 (rhel8)
- 4.18.0-553.84.1.el8_10
- 2025-12-17 03:12:53
- 2025-12-19 12:35:23
- K20251217_15
- CVE-2025-22058
- Description:
udp: Fix memory accounting leak.
- CVE: https://access.redhat.com/security/cve/CVE-2025-22058
- Patch: rhel8/4.18.0-553.71.1.el8_10/CVE-2025-22058-udp-Fix-memory-accounting-leak.patch
- From: kernel-4.18.0-553.71.1.el8_10
- CVE-2025-38200
- Description:
i40e: fix MMIO write access to an invalid page in i40e_clear_hw
- CVE: https://access.redhat.com/security/cve/CVE-2025-38200
- Patch: rhel8/4.18.0-553.71.1.el8_10/CVE-2025-38200-i40e-fix-MMIO-write-access-to-an-invalid-page-in-i40e_clear_hw.patch
- From: kernel-4.18.0-553.71.1.el8_10
- CVE-2025-38477
- Description:
net/sched: sch_qfq: Fix race condition on qfq_aggregate
- CVE: https://access.redhat.com/security/cve/CVE-2025-38477
- Patch: rhel8/4.18.0-553.72.1.el8_10/CVE-2025-38477-net-sched-sch_qfq-Fix-race-condition-on-qfq_aggregate.patch
- From: 4.18.0-553.72.1.el8_10
- CVE-2025-38477
- Description:
net/sched: sch_qfq: Fix race condition on qfq_aggregate
- CVE: https://access.redhat.com/security/cve/CVE-2025-38477
- Patch: rhel8/4.18.0-553.72.1.el8_10/CVE-2025-38477-net-sched-sch_qfq-Avoid-triggering-might_sleep-in-atomic-context-in-qfq_delete_class.patch
- From: 4.18.0-553.72.1.el8_10
- CVE-2025-38464
- Description:
tipc: Fix use-after-free in tipc_conn_close().
- CVE: https://access.redhat.com/security/cve/CVE-2025-38464
- Patch: rhel8/4.18.0-553.72.1.el8_10/CVE-2025-38464-tipc-fix-use-after-free-in-tipc-conn-close.patch
- From: 4.18.0-553.72.1.el8_10
- CVE-2025-38211
- Description:
RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
- CVE: https://access.redhat.com/security/cve/CVE-2025-38211
- Patch: rhel8/4.18.0-553.72.1.el8_10/CVE-2025-38211-rdma-iwcm-Fix-a-use-after-free-related-to-destroying-CM-IDs.patch
- From: 4.18.0-553.72.1.el8_10
- CVE-2025-38211
- Description:
RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
- CVE: https://access.redhat.com/security/cve/CVE-2025-38211
- Patch: rhel8/4.18.0-553.72.1.el8_10/CVE-2025-38211-rdma-iwcm-fix-use-after-free-of-work-objects-after-cm-id-destruction.patch
- From: 4.18.0-553.72.1.el8_10
- CVE-2025-38332
- Description:
scsi: lpfc: Use memcpy() for BIOS version
- CVE: https://access.redhat.com/security/cve/CVE-2025-38332
- Patch: rhel8/4.18.0-553.72.1.el8_10/CVE-2025-38332-scsi-lpfc-use-memcpy-for-bios-version.patch
- From: 4.18.0-553.72.1.el8_10
- CVE-2022-49985
- Description:
bpf: Don't use tnum_range on array range checking for poke descriptors
- CVE: https://access.redhat.com/security/cve/CVE-2022-49985
- Patch: rhel8/4.18.0-553.74.1.el8_10/CVE-2022-49985-bpf-don-t-use-tnum_range-on-array-range-checking-for-poke-descriptors.patch
- From: 4.18.0-553.74.1.el8_10
- CVE-2025-38352
- Description:
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
- CVE: https://access.redhat.com/security/cve/CVE-2025-38352
- Patch: rhel8/4.18.0-553.74.1.el8_10/CVE-2025-38352-posix-cpu-timers-fix-race-between-handle_posix_cpu_timers-and-posix_cpu_timer_del.patch
- From: 4.18.0-553.74.1.el8_10
- CVE-2023-53125
- Description:
net: usb: smsc75xx: Limit packet length to skb->len
- CVE: https://access.redhat.com/security/cve/CVE-2023-53125
- Patch: rhel8/4.18.0-553.75.1.el8_10/CVE-2023-53125-net-usb-smsc75xx-Limit-packet-length-to-skb-len.patch
- From: kernel-4.18.0-553.75.1.el8_10
- CVE-2023-53125
- Description:
net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull
- CVE: https://access.redhat.com/security/cve/CVE-2023-53125
- Patch: rhel8/4.18.0-553.75.1.el8_10/CVE-2023-53125-net-usb-smsc75xx-Move-packet-length-check-to-prevent-kernel-panic-in-skb_pull.patch
- From: kernel-4.18.0-553.75.1.el8_10
- CVE-2025-38350
- Description:
sch_qfq: make qfq_qlen_notify() idempotent
- CVE: https://access.redhat.com/security/cve/CVE-2025-38350
- Patch: rhel8/4.18.0-553.75.1.el8_10/CVE-2025-38350-sch_qfq-make-qfq_qlen_notify-idempotent.patch
- From: kernel-4.18.0-553.75.1.el8_10
- CVE-2025-38350
- Description:
sch_cbq: make cbq_qlen_notify() idempotent
- CVE: https://access.redhat.com/security/cve/CVE-2025-38350
- Patch: rhel8/4.18.0-553.75.1.el8_10/CVE-2025-38350-sch_cbq-make-cbq_qlen_notify-idempotent.patch
- From: kernel-4.18.0-553.75.1.el8_10
- CVE-2025-38350
- Description:
sch_htb: make htb_qlen_notify() idempotent
- CVE: https://access.redhat.com/security/cve/CVE-2025-38350
- Patch: rhel8/4.18.0-553.75.1.el8_10/CVE-2025-38350-sch_htb-make-htb_qlen_notify-idempotent.patch
- From: kernel-4.18.0-553.75.1.el8_10
- CVE-2025-38350
- Description:
sch_htb: make htb_deactivate() idempotent
- CVE: https://access.redhat.com/security/cve/CVE-2025-38350
- Patch: rhel8/4.18.0-553.75.1.el8_10/CVE-2025-38350-sch_htb-make-htb_deactivate-idempotent.patch
- From: kernel-4.18.0-553.75.1.el8_10
- CVE-2025-38350
- Description:
sch_drr: make drr_qlen_notify() idempotent
- CVE: https://access.redhat.com/security/cve/CVE-2025-38350
- Patch: rhel8/4.18.0-553.75.1.el8_10/CVE-2025-38350-sch_drr-make-drr_qlen_notify-idempotent.patch
- From: kernel-4.18.0-553.75.1.el8_10
- CVE-2025-38350
- Description:
net/sched: Always pass notifications when child class becomes empty
- CVE: https://access.redhat.com/security/cve/CVE-2025-38350
- Patch: rhel8/4.18.0-553.75.1.el8_10/CVE-2025-38350-net-sched-always-pass-notifications-when-child-class-becomes-empty.patch
- From: kernel-4.18.0-553.75.1.el8_10
- CVE-2025-38449
- Description:
requires a very complex adaptation
- CVE:
- Patch: skipped/CVE-2025-38449.patch
- From:
- CVE-2025-38392
- Description:
idpf: convert control queue mutex to a spinlock
- CVE: https://access.redhat.com/security/cve/CVE-2025-38392
- Patch: rhel8/4.18.0-553.75.1.el8_10/CVE-2025-38392-idpf-convert-control-queue-mutex-to-a-spinlock.patch
- From: 4.18.0-553.75.1.el8_10
- CVE-2025-38461
- Description:
vsock: Fix transport_* TOCTOU
- CVE: https://access.redhat.com/security/cve/CVE-2025-38461
- Patch: rhel8/4.18.0-553.76.1.el8_10/CVE-2025-38461-vsock-Fix-transport_-TOCTOU.patch
- From: kernel-4.18.0-553.76.1.el8_10
- CVE-2025-38498
- Description:
vsock: Fix transport_* TOCTOU
- CVE: https://access.redhat.com/security/cve/CVE-2025-38498
- Patch: rhel8/4.18.0-553.76.1.el8_10/CVE-2025-38498-do_change_type-refuse-to-operate-on-unmounted-not-ours-mounts.patch
- From: kernel-4.18.0-553.76.1.el8_10
- CVE-2025-38498
- Description:
use uniform permission checks for all mount propagation changes
- CVE: https://access.redhat.com/security/cve/CVE-2025-38498
- Patch: rhel8/4.18.0-553.76.1.el8_10/CVE-2025-38498-use-uniform-permission-checks-for-all-mount-propagation-changes.patch
- From: kernel-4.18.0-553.76.1.el8_10
- CVE-2025-38556
- Description:
HID: core: Harden s32ton() against conversion to 0 bits
- CVE: https://access.redhat.com/security/cve/CVE-2025-38556
- Patch: rhel8/4.18.0-553.76.1.el8_10/CVE-2025-38556-core-Harden-s32ton-against-conversion-to-0-bits.patch
- From: kernel-4.18.0-553.76.1.el8_10
- CVE-2025-38556
- Description:
HID: core: fix shift-out-of-bounds in hid_report_raw_event
- CVE: https://access.redhat.com/security/cve/CVE-2025-38556
- Patch: rhel8/4.18.0-553.76.1.el8_10/CVE-2025-38556-HID-core-fix-shift-out-of-bounds-in-hid_report_raw_event.patch
- From: kernel-4.18.0-553.76.1.el8_10
- CVE-2025-38718
- Description:
sctp: linearize cloned gso packets in sctp_rcv
- CVE: https://access.redhat.com/security/cve/CVE-2025-38718
- Patch: rhel8/4.18.0-553.77.1.el8_10/CVE-2025-38718-sctp-linearize-cloned-gso-packets-in-sctp-rcv.patch
- From: 4.18.0-553.77.1.el8_10
- CVE-2025-22026
- Description:
Out of scope: not affected
- CVE:
- Patch: skipped/CVE-2025-22026.patch
- From:
- CVE-2025-37797
- Description:
net_sched: hfsc: Fix a UAF vulnerability in class handling
- CVE: https://access.redhat.com/security/cve/CVE-2025-37797
- Patch: rhel8/4.18.0-553.77.1.el8_10/CVE-2025-37797-net_sched-hfsc-Fix-a-UAF-vulnerability-in-class-handling.patch
- From: 4.18.0-553.77.1.el8_10
- CVE-2022-50087
- Description:
Out of scope: not affected
- CVE:
- Patch: skipped/CVE-2022-50087.patch
- From:
- CVE-2025-39730
- Description:
NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
- CVE: https://access.redhat.com/security/cve/CVE-2025-39730
- Patch: rhel8/4.18.0-553.78.1.el8_10/CVE-2025-39730-NFS-Fix-filehandle-bounds-checking-in-nfs_fh_to_dentry.patch
- From: 4.18.0-553.78.1.el8_10
- CVE-2025-38527
- Description:
smb: client: fix use-after-free in cifs_oplock_break
- CVE: https://access.redhat.com/security/cve/CVE-2025-38527
- Patch: rhel8/4.18.0-553.78.1.el8_10/CVE-2025-38527-smb-client-fix-use-after-free-in-cifs_oplock_break.patch
- From: 4.18.0-553.78.1.el8_10
- CVE-2023-53305 CVE-2022-50386
- Description:
Bluetooth: L2CAP: Fix use-after-free
- CVE: https://access.redhat.com/security/cve/CVE-2022-50386
- Patch: rhel8/4.18.0-553.79.1.el8_10/CVE-2023-53305-bluetooth-l2cap-fix-use-after-free.patch
- From: 4.18.0-553.79.1.el8_10
- CVE-2022-50228
- Description:
KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
- CVE: https://access.redhat.com/security/cve/CVE-2022-50228
- Patch: rhel8/4.18.0-553.79.1.el8_10/CVE-2022-50228-KVM-SVM-dont-BUG-if-userspace-injects-an-interrupt.patch
- From: 4.18.0-553.79.1.el8_10
- CVE-2023-53373
- Description:
crypto: seqiv - Handle EBUSY correctly
- CVE: https://access.redhat.com/security/cve/CVE-2023-53373
- Patch: rhel8/4.18.0-553.80.1.el8_10/CVE-2023-53373-crypto-seqiv-handle-ebusy-correctly.patch
- From: 4.18.0-553.80.1.el8_10
- CVE-2025-39751
- Description:
This CVE has been rejected or withdrawn by its CVE Numbering Authority as per NVD website
- CVE:
- Patch: skipped/CVE-2025-39751.patch
- From:
- CVE-2025-39757
- Description:
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
- CVE: https://access.redhat.com/security/cve/CVE-2025-39757
- Patch: rhel8/4.18.0-553.80.1.el8_10/CVE-2025-39757-ALSA-usb-audio-Validate-UAC3-cluster-segment-descriptors.patch
- From: 4.18.0-553.80.1.el8_10
- CVE-2025-39757
- Description:
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
- CVE: https://access.redhat.com/security/cve/CVE-2025-39757
- Patch: rhel8/4.18.0-553.80.1.el8_10/CVE-2025-39757-ALSA-usb-audio-Fix-size-validation-in-convert_chmap_v3.patch
- From: 4.18.0-553.80.1.el8_10
- CVE-2023-53297
- Description:
Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
- CVE: https://access.redhat.com/security/cve/CVE-2023-53297
- Patch: rhel8/4.18.0-553.81.1.el8_10/CVE-2023-53297-Bluetooth-L2CAP-fix-bad-unlock-balance-in-l2cap_disconnect_rsp.patch
- From: 4.18.0-553.81.1.el8_10
- CVE-2025-39817
- Description:
efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
- CVE: https://access.redhat.com/security/cve/CVE-2025-39817
- Patch: rhel8/4.18.0-553.81.1.el8_10/CVE-2025-39817-efivarfs-fix-slab-out-of-bounds-in-efivarfs-d-compare.patch
- From: 4.18.0-553.81.1.el8_10
- CVE-2025-39841
- Description:
scsi: lpfc: Fix buffer free/clear order in deferred receive path
- CVE: https://access.redhat.com/security/cve/CVE-2025-39841
- Patch: rhel8/4.18.0-553.81.1.el8_10/CVE-2025-39841-scsi-lpfc-fix-buffer-free-clear-order-in-deferred-receive-path.patch
- From: 4.18.0-553.81.1.el8_10
- CVE-2025-39849
- Description:
wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()
- CVE: https://access.redhat.com/security/cve/CVE-2025-39849
- Patch: rhel8/4.18.0-553.81.1.el8_10/CVE-2025-39849-wifi-cfg80211-sme-cap-ssid-length-in-cfg80211-connect-result.patch
- From: 4.18.0-553.81.1.el8_10
- CVE-2023-53386
- Description:
Bluetooth: Fix potential use-after-free when clear keys
- CVE: https://access.redhat.com/security/cve/CVE-2023-53386
- Patch: rhel8/4.18.0-553.81.1.el8_10/CVE-2023-53386-Bluetooth-Fix-potential-use-after-free-when-clear-keys.patch
- From: 4.18.0-553.81.1.el8_10
- CVE-2025-39864
- Description:
wifi: cfg80211: fix use-after-free in cmp_bss()
- CVE: https://access.redhat.com/security/cve/CVE-2025-39864
- Patch: rhel8/4.18.0-553.82.1.el8_10/CVE-2025-39864-wifi-cfg80211-fix-use-after-free-in-cmp-bss.patch
- From: 4.18.0-553.82.1.el8_10
- CVE-2023-53226
- Description:
wifi: mwifiex: Fix OOB and integer underflow when rx packets
- CVE: https://access.redhat.com/security/cve/CVE-2023-53226
- Patch: rhel8/4.18.0-553.82.1.el8_10/CVE-2023-53226-wifi-mwifiex-Fix-OOB-and-integer-underflow-when-rx-packets.patch
- From: 4.18.0-553.82.1.el8_10
- CVE-2023-53226
- Description:
wifi: mwifiex: Fix missed return in oob checks failed path
- CVE: https://access.redhat.com/security/cve/CVE-2023-53226
- Patch: rhel8/4.18.0-553.82.1.el8_10/CVE-2023-53226-wifi-mwifiex-Fix-missed-return-in-oob-checks-failed-path.patch
- From: 4.18.0-553.82.1.el8_10
- CVE-2023-53226
- Description:
wifi: mwifiex: Fix OOB and integer underflow when rx packets
- CVE: https://access.redhat.com/security/cve/CVE-2023-53226
- Patch: rhel8/4.18.0-553.82.1.el8_10/CVE-2023-53226-wifi-mwifiex-Fix-oob-check-condition-in-mwifiex_process_rx_packet.patch
- From: 4.18.0-553.82.1.el8_10
- CVE-2023-53257
- Description:
wifi: mac80211: check S1G action frame size
- CVE: https://access.redhat.com/security/cve/CVE-2023-53257
- Patch: rhel8/4.18.0-553.82.1.el8_10/CVE-2023-53257-wifi-mac80211-check-S1G-action-frame-size.patch
- From: 4.18.0-553.82.1.el8_10
- CVE-2022-50367
- Description:
fs: fix UAF/GPF bug in nilfs_mdt_destroy
- CVE: https://access.redhat.com/security/cve/CVE-2022-50367
- Patch: rhel8/4.18.0-553.83.1.el8_10/CVE-2022-50367-fs-fix-uaf-gpf-bug-in-nilfs-mdt-destroy.patch
- From: 4.18.0-553.83.1.el8_10
- CVE-2023-53178
- Description:
mm: fix zswap writeback race condition
- CVE: https://access.redhat.com/security/cve/CVE-2023-53178
- Patch: rhel8/4.18.0-553.83.1.el8_10/CVE-2023-53178-mm-fix-zswap-writeback-race-condition.patch
- From: 4.18.0-553.83.1.el8_10
- CVE-2023-53178
- Description:
mm: zswap: fix missing folio cleanup in writeback race path
- CVE: https://access.redhat.com/security/cve/CVE-2023-53178
- Patch: rhel8/4.18.0-553.83.1.el8_10/CVE-2023-53178-mm-zswap-fix-missing-folio-cleanup-in-writeback-race-path.patch
- From: 4.18.0-553.83.1.el8_10
- CVE-2025-39718
- Description:
vsock/virtio: Validate length in packet header before skb_put()
- CVE: https://access.redhat.com/security/cve/CVE-2025-39718
- Patch: rhel8/4.18.0-553.84.1.el8_10/CVE-2025-39718-vsock-virtio-validate-length-in-packet-header-before-skb-put.patch
- From: 4.18.0-553.84.1.el8_10
- N/A
- Description:
x86 xen add xenpv restore regs and return to usermode
- CVE: N/A
- Patch: 4.18.0/x86-xen-Add-xenpv_restore_regs_and_return_to_usermode-el8-372.patch
- From: N/A
- N/A
- Description:
kpatch add alt asm definitions
- CVE: https://www.kernel.org
- Patch: 4.18.0/kpatch-add-alt-asm-definitions-el8-372.patch
- From: N/A