RXSA-2025:4341

Security

Mirrored from RHSA-2025:4341

Issued at: 2026-05-21

Updated at: 2026-05-21

Synopsis

Important: kernel security update

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)

* kernel: ipvs: properly dereference pe in ip_vs_add_service (CVE-2024-42322)

* kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990)

* kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826)

* kernel: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (CVE-2025-21927)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 9 SIG Cloud aarch64

Rocky Linux 9 SIG Cloud x86_64

Fixes

2305437

2305467

2309853

2315178

2356593

CVEs

CVE-2024-42292

CVE-2024-42322

CVE-2024-44990

CVE-2024-46826

CVE-2025-21927

Affected packages

Rocky Linux 9 SIG Cloud aarch64 - cloud-kernel

bpftool-0:7.4.0-503.40.1.el9_5.cloud.1.0.aarch64.rpm

bpftool-debuginfo-0:7.4.0-503.40.1.el9_5.cloud.1.0.aarch64.rpm

Rocky Linux 9 SIG Cloud x86_64 - cloud-kernel

bpftool-0:7.4.0-503.40.1.el9_5.cloud.1.0.x86_64.rpm

bpftool-debuginfo-0:7.4.0-503.40.1.el9_5.cloud.1.0.x86_64.rpm