Homepage

Race Condition Affecting kernel-rt-64k-core package, versions *

Severity

 Recommended
0.0
medium
0
10

Based on Red Hat Enterprise Linux security rating.

Threat Intelligence

EPSS
0.02% (6th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Race Condition vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-RHEL9-KERNELRT64KCORE-12528389
  • published6 Sept 2025
  • disclosed5 Sept 2025
Report a new vulnerability Found a mistake?

Introduced: 5 Sep 2025

NewCVE-2025-39673  (opens in a new tab)
CWE-362  (opens in a new tab)

How to fix?

There is no fixed version for RHEL:9 kernel-rt-64k-core.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-rt-64k-core package and not the kernel-rt-64k-core package as distributed by RHEL. See How to fix? for RHEL:9 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

ppp: fix race conditions in ppp_fill_forward_path

ppp_fill_forward_path() has two race conditions:

  1. The ppp->channels list can change between list_empty() and list_first_entry(), as ppp_lock() is not held. If the only channel is deleted in ppp_disconnect_channel(), list_first_entry() may access an empty head or a freed entry, and trigger a panic.

  2. pch->chan can be NULL. When ppp_unregister_channel() is called, pch->chan is set to NULL before pch is removed from ppp->channels.

Fix these by using a lockless RCU approach:

  • Use list_first_or_null_rcu() to safely test and access the first list entry.
  • Convert list modifications on ppp->channels to their RCU variants and add synchronize_net() after removal.
  • Check for a NULL pch->chan before dereferencing it.

CVSS Base Scores

version 3.1