EGI SVG Advisories

Advisory-EGI-SVG-2026-03

HIGH risk Linux Kernel vulnerabilities

Date: 2026-02-05
Updated: 2026-03-12

HIGH risk kernel vulnerability concerning RHEL8, 9 and 10 and derivatives.

IDs AND CVSS SCORE

EGI SVG ID : EGI-SVG-2026-03

CVE ID : CVE-2025-40248

CVSS Score : 7.0 [R 1]

ACTIONS REQUIRED/RECOMMENDED

Sites running RHEL8, 9 or 10 or derivatives are recommended to update relevant components as soon as possible; see references below.

MORE INFORMATION

According to Red Hat [R 1], this affects RHEL7, 8, 9, and 10 (and derivatives). RHEL7 is unsupported and should no longer be in use.

STATUS OF THIS ADVISORY

TLP:CLEAR information - Unlimited distribution

https://advisories.egi.eu/Advisory-EGI-SVG-2026-03

https://advisories.egi.eu/Advisory-SVG-CVE-2025-40248

Minor updates may be made without re-distribution to the sites.

CONTACT AND OTHER INFORMATION ON SVG


This advisory is subject to the Creative Commons licence https://creativecommons.org/licenses/by/4.0/ and the EGI (https://www.egi.eu/) Software Vulnerability Group must be credited.

Comments or questions should be sent to svg-rat at mailman.egi.eu

Vulnerabilities relevant for EGI can be reported at report-vulnerability at egi.eu

(see [R 99] for further details, and other information on SVG)

REFERENCES

CREDITS

SVG was alerted to this vulnerability by Mischa Salle