chore(deps): refresh rpm lockfiles (release-2.14) [SECURITY]

[red-hat-konflux]

This PR contains the following updates:

File rpms.in.yaml:

Package	Change
cpp	11.5.0-5.el9_5 -> 11.5.0-11.el9
gcc	11.5.0-5.el9_5 -> 11.5.0-11.el9
gcc-c++	11.5.0-5.el9_5 -> 11.5.0-11.el9
glibc-devel	2.34-168.el9_6.20 -> 2.34-231.el9_7.2
kernel-headers	5.14.0-570.24.1.el9_6 -> 5.14.0-611.8.1.el9_7
libasan	11.5.0-5.el9_5 -> 11.5.0-11.el9
libstdc++-devel	11.5.0-5.el9_5 -> 11.5.0-11.el9
libubsan	11.5.0-5.el9_5 -> 11.5.0-11.el9
audit-libs	3.1.5-4.el9 -> 3.1.5-7.el9
binutils	2.35.2-63.el9 -> 2.35.2-67.el9
binutils-gold	2.35.2-63.el9 -> 2.35.2-67.el9
ca-certificates	2024.2.69_v8.0.303-91.4.el9_4 -> 2025.2.80_v9.0.305-91.el9
crypto-policies	20250128-1.git5269e22.el9 -> 20250905-1.git377cc42.el9_7
cyrus-sasl-lib	2.1.27-21.el9 -> 2.1.27-22.el9
elfutils-debuginfod-client	0.192-6.el9_6 -> 0.193-1.el9
elfutils-default-yama-scope	0.192-6.el9_6 -> 0.193-1.el9
elfutils-libelf	0.192-6.el9_6 -> 0.193-1.el9
elfutils-libs	0.192-6.el9_6 -> 0.193-1.el9
glibc	2.34-168.el9_6.20 -> 2.34-231.el9_7.2
glibc-common	2.34-168.el9_6.20 -> 2.34-231.el9_7.2
glibc-gconv-extra	2.34-168.el9_6.20 -> 2.34-231.el9_7.2
glibc-minimal-langpack	2.34-168.el9_6.20 -> 2.34-231.el9_7.2
kmod-libs	28-10.el9 -> 28-11.el9
libatomic	11.5.0-5.el9_5 -> 11.5.0-11.el9
libcap	2.48-9.el9_2 -> 2.48-10.el9
libcom_err	1.46.5-7.el9 -> 1.46.5-8.el9
libcurl	7.76.1-31.el9 -> 7.76.1-34.el9
libgcc	11.5.0-5.el9_5 -> 11.5.0-11.el9
libgomp	11.5.0-5.el9_5 -> 11.5.0-11.el9
libsepol	3.6-2.el9 -> 3.6-3.el9
libssh	0.10.4-13.el9 -> 0.10.4-15.el9_7
libssh-config	0.10.4-13.el9 -> 0.10.4-15.el9_7
libstdc++	11.5.0-5.el9_5 -> 11.5.0-11.el9
ncurses-base	6.2-10.20210508.el9 -> 6.2-12.20210508.el9
ncurses-libs	6.2-10.20210508.el9 -> 6.2-12.20210508.el9
openssl	1:3.2.2-6.el9_5.1 -> 1:3.5.1-4.el9_7
openssl-fips-provider	3.0.7-6.el9_5 -> 3.0.7-8.el9
openssl-fips-provider-so	3.0.7-6.el9_5 -> 3.0.7-8.el9
openssl-libs	1:3.2.2-6.el9_5.1 -> 1:3.5.1-4.el9_7
pam	1.5.1-25.el9_6 -> 1.5.1-26.el9_6
redhat-release	9.6-0.1.el9 -> 9.7-0.7.el9
shadow-utils	2:4.9-12.el9 -> 2:4.9-15.el9
systemd	252-51.el9_6.1 -> 252-55.el9_7.2
systemd-libs	252-51.el9_6.1 -> 252-55.el9_7.2
systemd-pam	252-51.el9_6.1 -> 252-55.el9_7.2
systemd-rpm-macros	252-51.el9_6.1 -> 252-55.el9_7.2
tzdata	2025b-1.el9 -> 2025b-2.el9
glibc-headers	2.34-168.el9_6.20 -> 2.34-231.el9_7.2

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

glibc: Double free in glibc

CVE-2025-8058

More information

Severity

Moderate

References

• https://access.redhat.com/security/cve/CVE-2025-8058
• https://bugzilla.redhat.com/show_bug.cgi?id=2383146
• https://www.cve.org/CVERecord?id=CVE-2025-8058
• https://nvd.nist.gov/vuln/detail/CVE-2025-8058
• https://sourceware.org/bugzilla/show_bug.cgi?id=33185
• https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f

---

kernel: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()

CVE-2025-22121

More information

Severity

Moderate

References

• https://access.redhat.com/security/cve/CVE-2025-22121
• https://bugzilla.redhat.com/show_bug.cgi?id=2360199
• https://www.cve.org/CVERecord?id=CVE-2025-22121
• https://nvd.nist.gov/vuln/detail/CVE-2025-22121
• https://lore.kernel.org/linux-cve-announce/2025041628-CVE-2025-22121-52fd@gregkh/T

---

kernel: mm/huge_memory: fix dereferencing invalid pmd migration entry

CVE-2025-37958

More information

Severity

Moderate

References

• https://access.redhat.com/security/cve/CVE-2025-37958
• https://bugzilla.redhat.com/show_bug.cgi?id=2367572
• https://www.cve.org/CVERecord?id=CVE-2025-37958
• https://nvd.nist.gov/vuln/detail/CVE-2025-37958
• https://lore.kernel.org/linux-cve-announce/2025052003-CVE-2025-37958-02de@gregkh/T

---

kernel: net_sched: ets: Fix double list add in class with netem as child qdisc

CVE-2025-37914

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-37914
• https://bugzilla.redhat.com/show_bug.cgi?id=2367500
• https://www.cve.org/CVERecord?id=CVE-2025-37914
• https://nvd.nist.gov/vuln/detail/CVE-2025-37914
• https://lore.kernel.org/linux-cve-announce/2025052000-CVE-2025-37914-1a4f@gregkh/T

---

kernel: cifs: Fix integer overflow while processing closetimeo mount option

CVE-2025-21962

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-21962
• https://bugzilla.redhat.com/show_bug.cgi?id=2356624
• https://www.cve.org/CVERecord?id=CVE-2025-21962
• https://nvd.nist.gov/vuln/detail/CVE-2025-21962
• https://lore.kernel.org/linux-cve-announce/2025040145-CVE-2025-21962-9f86@​gregkh/T

---

kernel: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove()

CVE-2025-21929

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-21929
• https://bugzilla.redhat.com/show_bug.cgi?id=2356594
• https://www.cve.org/CVERecord?id=CVE-2025-21929
• https://nvd.nist.gov/vuln/detail/CVE-2025-21929
• https://lore.kernel.org/linux-cve-announce/2025040133-CVE-2025-21929-bf29@​gregkh/T

---

kernel: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done

CVE-2025-38052

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-38052
• https://bugzilla.redhat.com/show_bug.cgi?id=2373380
• https://www.cve.org/CVERecord?id=CVE-2025-38052
• https://nvd.nist.gov/vuln/detail/CVE-2025-38052
• https://lore.kernel.org/linux-cve-announce/2025061832-CVE-2025-38052-6201@​gregkh/T

---

kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc

CVE-2025-37890

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-37890
• https://bugzilla.redhat.com/show_bug.cgi?id=2366848
• https://www.cve.org/CVERecord?id=CVE-2025-37890
• https://nvd.nist.gov/vuln/detail/CVE-2025-37890
• https://lore.kernel.org/linux-cve-announce/2025051617-CVE-2025-37890-437b@gregkh/T

---

kernel: mm/hugetlb: unshare page tables during VMA split, not before

CVE-2025-38084

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-38084
• https://bugzilla.redhat.com/show_bug.cgi?id=2375303
• https://www.cve.org/CVERecord?id=CVE-2025-38084
• https://nvd.nist.gov/vuln/detail/CVE-2025-38084
• https://lore.kernel.org/linux-cve-announce/2025062834-CVE-2025-38084-9121@​gregkh/T

---

kernel: net: ch9200: fix uninitialised access during mii_nway_restart

CVE-2025-38086

More information

Severity

Moderate

References

• https://access.redhat.com/security/cve/CVE-2025-38086
• https://bugzilla.redhat.com/show_bug.cgi?id=2375305
• https://www.cve.org/CVERecord?id=CVE-2025-38086
• https://nvd.nist.gov/vuln/detail/CVE-2025-38086
• https://lore.kernel.org/linux-cve-announce/2025062801-CVE-2025-38086-783b@gregkh/T

---

kernel: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access

CVE-2025-38110

More information

Severity

Moderate

References

• https://access.redhat.com/security/cve/CVE-2025-38110
• https://bugzilla.redhat.com/show_bug.cgi?id=2376035
• https://www.cve.org/CVERecord?id=CVE-2025-38110
• https://nvd.nist.gov/vuln/detail/CVE-2025-38110
• https://lore.kernel.org/linux-cve-announce/2025070324-CVE-2025-38110-a9c0@​gregkh/T

---

kernel: net/sched: fix use-after-free in taprio_dev_notifier

CVE-2025-38087

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-38087
• https://bugzilla.redhat.com/show_bug.cgi?id=2375531
• https://www.cve.org/CVERecord?id=CVE-2025-38087
• https://nvd.nist.gov/vuln/detail/CVE-2025-38087
• https://lore.kernel.org/linux-cve-announce/2025063052-CVE-2025-38087-cd0f@gregkh/T

---

kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds

CVE-2025-38159

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-38159
• https://bugzilla.redhat.com/show_bug.cgi?id=2376064
• https://www.cve.org/CVERecord?id=CVE-2025-38159
• https://nvd.nist.gov/vuln/detail/CVE-2025-38159
• https://lore.kernel.org/linux-cve-announce/2025070339-CVE-2025-38159-0c95@​gregkh/T

---

kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling

CVE-2025-37797

More information

Severity

Moderate

References

• https://access.redhat.com/security/cve/CVE-2025-37797
• https://bugzilla.redhat.com/show_bug.cgi?id=2363672
• https://www.cve.org/CVERecord?id=CVE-2025-37797
• https://nvd.nist.gov/vuln/detail/CVE-2025-37797
• https://lore.kernel.org/linux-cve-announce/2025050210-CVE-2025-37797-2aab@gregkh/T

---

kernel: wifi: iwlwifi: limit printed string from FW file

CVE-2025-21905

More information

Severity

Moderate

References

• https://access.redhat.com/security/cve/CVE-2025-21905
• https://bugzilla.redhat.com/show_bug.cgi?id=2356613
• https://www.cve.org/CVERecord?id=CVE-2025-21905
• https://nvd.nist.gov/vuln/detail/CVE-2025-21905
• https://lore.kernel.org/linux-cve-announce/2025040129-CVE-2025-21905-348b@gregkh/T

---

kernel: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()

CVE-2025-21867

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-21867
• https://bugzilla.redhat.com/show_bug.cgi?id=2355334
• https://www.cve.org/CVERecord?id=CVE-2025-21867
• https://nvd.nist.gov/vuln/detail/CVE-2025-21867
• https://lore.kernel.org/linux-cve-announce/2025032732-CVE-2025-21867-3138@​gregkh/T

---

microcode_ctl: From CVEorg collector

CVE-2024-28956

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2024-28956
• https://bugzilla.redhat.com/show_bug.cgi?id=2366125
• https://www.cve.org/CVERecord?id=CVE-2024-28956
• https://nvd.nist.gov/vuln/detail/CVE-2024-28956
• https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01153.html
• https://www.vusec.net/projects/training-solo/

---

kernel: ext4: avoid journaling sb update on error if journal is destroying

CVE-2025-22113

More information

Severity

Moderate

References

• https://access.redhat.com/security/cve/CVE-2025-22113
• https://bugzilla.redhat.com/show_bug.cgi?id=2360212
• https://www.cve.org/CVERecord?id=CVE-2025-22113
• https://nvd.nist.gov/vuln/detail/CVE-2025-22113
• https://lore.kernel.org/linux-cve-announce/2025041625-CVE-2025-22113-34cd@gregkh/T

---

kernel: udp: Fix memory accounting leak.

CVE-2025-22058

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-22058
• https://bugzilla.redhat.com/show_bug.cgi?id=2360276
• https://www.cve.org/CVERecord?id=CVE-2025-22058
• https://nvd.nist.gov/vuln/detail/CVE-2025-22058
• https://lore.kernel.org/linux-cve-announce/2025041606-CVE-2025-22058-045a@gregkh/T

---

kernel: Bluetooth: hci_core: Fix use-after-free in vhci_flush()

CVE-2025-38250

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-38250
• https://bugzilla.redhat.com/show_bug.cgi?id=2378982
• https://www.cve.org/CVERecord?id=CVE-2025-38250
• https://nvd.nist.gov/vuln/detail/CVE-2025-38250
• https://lore.kernel.org/linux-cve-announce/2025070934-CVE-2025-38250-3145@​gregkh/T

---

kernel: tls: always refresh the queue when reading sock

CVE-2025-38471

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-38471
• https://bugzilla.redhat.com/show_bug.cgi?id=2383893
• https://www.cve.org/CVERecord?id=CVE-2025-38471
• https://nvd.nist.gov/vuln/detail/CVE-2025-38471
• https://lore.kernel.org/linux-cve-announce/2025072812-CVE-2025-38471-ca92@​gregkh/T

---

kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()

CVE-2022-49788

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2022-49788
• https://bugzilla.redhat.com/show_bug.cgi?id=2363378
• https://www.cve.org/CVERecord?id=CVE-2022-49788
• https://nvd.nist.gov/vuln/detail/CVE-2022-49788
• https://lore.kernel.org/linux-cve-announce/2025050121-CVE-2022-49788-6e84@​gregkh/T

---

kernel: net: fix udp gso skb_segment after pull from frag_list

CVE-2025-38124

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-38124
• https://bugzilla.redhat.com/show_bug.cgi?id=2376041
• https://www.cve.org/CVERecord?id=CVE-2025-38124
• https://nvd.nist.gov/vuln/detail/CVE-2025-38124
• https://lore.kernel.org/linux-cve-announce/2025070328-CVE-2025-38124-bc19@​gregkh/T

---

kernel: ice: fix eswitch code memory leak in reset scenario

CVE-2025-38417

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-38417
• https://bugzilla.redhat.com/show_bug.cgi?id=2383463
• https://www.cve.org/CVERecord?id=CVE-2025-38417
• https://nvd.nist.gov/vuln/detail/CVE-2025-38417
• https://lore.kernel.org/linux-cve-announce/2025072546-CVE-2025-38417-12d4@​gregkh/T

---

kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race

CVE-2025-38085

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-38085
• https://bugzilla.redhat.com/show_bug.cgi?id=2375304
• https://www.cve.org/CVERecord?id=CVE-2025-38085
• https://nvd.nist.gov/vuln/detail/CVE-2025-38085
• https://lore.kernel.org/linux-cve-announce/2025062836-CVE-2025-38085-8075@​gregkh/T

---

kernel: padata: fix UAF in padata_reorder

CVE-2025-21727

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-21727
• https://bugzilla.redhat.com/show_bug.cgi?id=2348516
• https://www.cve.org/CVERecord?id=CVE-2025-21727
• https://nvd.nist.gov/vuln/detail/CVE-2025-21727
• https://lore.kernel.org/linux-cve-announce/2025022648-CVE-2025-21727-b034@​gregkh/T

---

kernel: RDMA/core: Fix use-after-free when rename device name

CVE-2025-22085

More information

Severity

Moderate

References

• https://access.redhat.com/security/cve/CVE-2025-22085
• https://bugzilla.redhat.com/show_bug.cgi?id=2360219
• https://www.cve.org/CVERecord?id=CVE-2025-22085
• https://nvd.nist.gov/vuln/detail/CVE-2025-22085
• https://lore.kernel.org/linux-cve-announce/2025041615-CVE-2025-22085-d167@​gregkh/T

---

kernel: media: uvcvideo: Fix double free in error path

CVE-2024-57980

More information

Severity

Moderate

References

• https://access.redhat.com/security/cve/CVE-2024-57980
• https://bugzilla.redhat.com/show_bug.cgi?id=2348599
• https://www.cve.org/CVERecord?id=CVE-2024-57980
• https://nvd.nist.gov/vuln/detail/CVE-2024-57980
• https://lore.kernel.org/linux-cve-announce/2025022634-CVE-2024-57980-4b5a@gregkh/T

---

kernel: RDMA/mlx5: Fix page_size variable overflow

CVE-2025-22091

More information

Severity

Moderate

References

• https://access.redhat.com/security/cve/CVE-2025-22091
• https://bugzilla.redhat.com/show_bug.cgi?id=2360186
• https://www.cve.org/CVERecord?id=CVE-2025-22091
• https://nvd.nist.gov/vuln/detail/CVE-2025-22091
• https://lore.kernel.org/linux-cve-announce/2025041617-CVE-2025-22091-462d@gregkh/T

---

kernel: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove

CVE-2025-22020

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-22020
• https://bugzilla.redhat.com/show_bug.cgi?id=2360099
• https://www.cve.org/CVERecord?id=CVE-2025-22020
• https://nvd.nist.gov/vuln/detail/CVE-2025-22020
• https://lore.kernel.org/linux-cve-announce/2025041642-CVE-2025-22020-70e8@​gregkh/T

---

kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()

CVE-2025-21928

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-21928
• https://bugzilla.redhat.com/show_bug.cgi?id=2356592
• https://www.cve.org/CVERecord?id=CVE-2025-21928
• https://nvd.nist.gov/vuln/detail/CVE-2025-21928
• https://lore.kernel.org/linux-cve-announce/2025040133-CVE-2025-21928-e444@​gregkh/T

---

kernel: i2c/designware: Fix an initialization issue

CVE-2025-38380

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-38380
• https://bugzilla.redhat.com/show_bug.cgi?id=2383381
• https://www.cve.org/CVERecord?id=CVE-2025-38380
• https://nvd.nist.gov/vuln/detail/CVE-2025-38380
• https://lore.kernel.org/linux-cve-announce/2025072505-CVE-2025-38380-d1a9@​gregkh/T

---

libssh: out-of-bounds read in sftp_handle()

CVE-2025-5318

More information

Severity

Moderate

References

• https://access.redhat.com/security/cve/CVE-2025-5318
• https://bugzilla.redhat.com/show_bug.cgi?id=2369131
• https://www.cve.org/CVERecord?id=CVE-2025-5318
• https://nvd.nist.gov/vuln/detail/CVE-2025-5318
• https://www.libssh.org/security/advisories/CVE-2025-5318.txt

---

ncurses: segfaulting OOB read

CVE-2022-29458

More information

Severity

Low

References

• https://access.redhat.com/security/cve/CVE-2022-29458
• https://bugzilla.redhat.com/show_bug.cgi?id=2076483
• https://www.cve.org/CVERecord?id=CVE-2022-29458
• https://nvd.nist.gov/vuln/detail/CVE-2022-29458

---

linux-pam: Incomplete fix for CVE-2025-6020

CVE-2025-8941

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-8941
• https://bugzilla.redhat.com/show_bug.cgi?id=2388220
• https://www.cve.org/CVERecord?id=CVE-2025-8941
• https://nvd.nist.gov/vuln/detail/CVE-2025-8941

---

linux-pam: Linux-pam directory Traversal

CVE-2025-6020

More information

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-6020
• https://bugzilla.redhat.com/show_bug.cgi?id=2372512
• https://www.cve.org/CVERecord?id=CVE-2025-6020
• https://nvd.nist.gov/vuln/detail/CVE-2025-6020

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Configuration

📅 Schedule: Branch creation - "" in timezone America/New_York, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[openshift-ci]

Hi @red-hat-konflux[bot]. Thanks for your PR.

I'm waiting for a stolostron member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[openshift-ci]

@red-hat-konflux[bot]: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/test-e2e	5d94da4	link	true	/test test-e2e

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.