Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM 7.5.0 UP15 Vulnerability Details CVEID:CVE-2022-50673 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4orphancleanup I caught a issue as follows...

RockyLinux 8 : kernel (RLSA-2026:2264)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:2264 advisory. kernel: vsock/vmci: Clear the vmci transport packet properly when initializing it CVE-2025-38403 kernel: net: use dstdevrcu in sksetupcaps CVE-2025-40170...

AlmaLinux 10 : kernel (ALSA-2026:2282)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:2282 advisory. kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation CVE-2025-38415 kernel: vsock/vmci: Clear the vmci transport...

Oracle Linux 8 : kernel (ELSA-2026-2264)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2264 advisory. - ext4: fix use-after-free in ext4orphancleanup CKI Backport Bot RHEL-136000 CVE-2022-50673 - ext4: lost matching-pair of trace in ext4truncate CKI...

Oracle Linux 9 : kernel (ELSA-2026-2212)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2212 advisory. - iouring/net: commit partial buffers on retry Jeff Moyer RHEL-137329 CVE-2025-38730 - atm: clip: Fix infinite recursive call of clippush. Guillaume...

kernel: Kernel: Privilege escalation via uninitialized data in vmci transport packet

A flaw was found in the Linux kernel's vsock/vmci component. A local attacker with low privileges could exploit a vulnerability where the vmcitransportpacket structure is not properly cleared during initialization. This can lead to the use of uninitialized data, potentially allowing for informati...

ALSA-2026:2264 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: vsock/vmci: Clear the vmci transport packet properly when initializing it CVE-2025-38403 kernel: net: use dstdevrcu in sksetupcaps CVE-2025-40170 kernel: ipv6: use RCU in ip6xmit...

Linux Distros Unpatched Vulnerability : CVE-2025-38403

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vsock/vmci: Clear the vmci transport packet properly when initializing it In vmcitransportpacketinit memset the vmcitransportpacket before populating the fields...

AZL-65771 CVE-2025-38403 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmcitransportpacketinit memset the vmcitransportpacket before populating the fields to avoid any uninitialised data being left in the structure...