Red Hat Enterprise Linux Ai
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Enterprise Linux Ai.
Recent Red Hat Enterprise Linux Ai Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2025:19429 | (RHSA-2025:19429) Red Hat Enterprise Linux AI 1.5 (NVIDIA) | November 3, 2025 |
| RHSA-2025:19427 | (RHSA-2025:19427) Red Hat Enterprise Linux AI 1.5 (AMD) | November 3, 2025 |
| RHSA-2025:19430 | (RHSA-2025:19430) Red Hat Enterprise Linux AI 1.5 (NVIDIA) | November 3, 2025 |
| RHSA-2025:19426 | (RHSA-2025:19426) Red Hat Enterprise Linux AI 1.5 (NVIDIA) | November 3, 2025 |
| RHSA-2025:19428 | (RHSA-2025:19428) Red Hat Enterprise Linux AI 1.5 (NVIDIA) | November 3, 2025 |
| RHSA-2025:19425 | (RHSA-2025:19425) Red Hat Enterprise Linux AI 1.5 (AMD) | November 3, 2025 |
| RHSA-2025:19424 | (RHSA-2025:19424) Red Hat Enterprise Linux AI 1.5 (AMD) | November 3, 2025 |
| RHSA-2025:19423 | (RHSA-2025:19423) Red Hat Enterprise Linux AI 1.5 (NVIDIA) | November 3, 2025 |
| RHSA-2025:19422 | (RHSA-2025:19422) Red Hat Enterprise Linux AI 1.5 (Intel Gaudi) | November 3, 2025 |
By the Year
In 2026 there have been 0 vulnerabilities in Red Hat Enterprise Linux Ai. Last year, in 2025 Enterprise Linux Ai had 2 security vulnerabilities published. Right now, Enterprise Linux Ai is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 5.40 |
| 2024 | 4 | 6.18 |
It may take a day or so for new Enterprise Linux Ai vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Enterprise Linux Ai Security Vulnerabilities
vLLM MediaConnector SSRF via load_from_url
CVE-2025-6242
7.1 - High
- October 07, 2025
A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows an attacker to coerce the vLLM server into making arbitrary requests to internal network resources.
SSRF
CIRCL FourQ RCE via Low-Order Point Injection in Diffie-Hellman
CVE-2025-8556
3.7 - Low
- August 06, 2025
A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.
Improper Verification of Cryptographic Signature
Ansible-Core Unsafe Content Protection Bypass via Hostvars Object
CVE-2024-11079
5.5 - Medium
- November 12, 2024
A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.
Improper Input Validation
vLLM API crash via empty prompt causes DoS
CVE-2024-8768
7.5 - High
- September 17, 2024
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.
assertion failure
DoS via best_of overuse in ilab vllm API
CVE-2024-8939
6.2 - Medium
- September 17, 2024
A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of parameter to return the best completion from several options. When this parameter is set to a large value, the API does not handle timeouts or resource exhaustion properly, allowing an attacker to cause a DoS by consuming excessive system resources. This leads to the API becoming unresponsive, preventing legitimate users from accessing the service.
Resource Exhaustion
Ansible include_vars leak: Vault secrets exposed in logs
CVE-2024-8775
5.5 - Medium
- September 14, 2024
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
Insertion of Sensitive Information into Log File
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Enterprise Linux Ai or by Red Hat? Click the Watch button to subscribe.
