Red Hat Enterprise Linux Ai
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Enterprise Linux Ai.
Recent Red Hat Enterprise Linux Ai Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2026:17611 | (RHSA-2026:17611) Red Hat Enterprise Linux AI 3.3.3 | May 14, 2026 |
| RHSA-2026:17609 | (RHSA-2026:17609) Red Hat Enterprise Linux AI 3.3.3 | May 14, 2026 |
| RHSA-2026:10141 | (RHSA-2026:10141) Red Hat Enterprise Linux AI 3.3.1 | April 23, 2026 |
| RHSA-2026:10140 | (RHSA-2026:10140) Red Hat Enterprise Linux AI 3.3.1 | April 23, 2026 |
| RHSA-2025:19429 | (RHSA-2025:19429) Red Hat Enterprise Linux AI 1.5 (NVIDIA) | November 3, 2025 |
| RHSA-2025:19427 | (RHSA-2025:19427) Red Hat Enterprise Linux AI 1.5 (AMD) | November 3, 2025 |
| RHSA-2025:19430 | (RHSA-2025:19430) Red Hat Enterprise Linux AI 1.5 (NVIDIA) | November 3, 2025 |
| RHSA-2025:19426 | (RHSA-2025:19426) Red Hat Enterprise Linux AI 1.5 (NVIDIA) | November 3, 2025 |
| RHSA-2025:19428 | (RHSA-2025:19428) Red Hat Enterprise Linux AI 1.5 (NVIDIA) | November 3, 2025 |
| RHSA-2025:19425 | (RHSA-2025:19425) Red Hat Enterprise Linux AI 1.5 (AMD) | November 3, 2025 |
By the Year
In 2026 there have been 12 vulnerabilities in Red Hat Enterprise Linux Ai with an average score of 7.4 out of ten. Last year, in 2025 Enterprise Linux Ai had 2 security vulnerabilities published. That is, 10 more vulnerabilities have already been reported in 2026 as compared to last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 2.01.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 12 | 7.41 |
| 2025 | 2 | 5.40 |
| 2024 | 4 | 6.18 |
It may take a day or so for new Enterprise Linux Ai vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Enterprise Linux Ai Security Vulnerabilities
RCE via AV1 SVC ID Bounds in libaom Encoder
CVE-2026-56211
7.1 - High
- June 19, 2026
A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC (Scalable Video Coding) layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer context structures. In fork-based video processing services, an attacker can use this to hijack the cyclic refresh map pointer, brute-force the process base address via a crash oracle, and redirect control flow to achieve arbitrary command execution. Exploitation requires the target service to use libaom with SVC encoding enabled and accept attacker-supplied video frames.
Memory Corruption
libaom Heap-Buffer-Overflow in SVC Layer ID Read (CVE-2026-56210)
CVE-2026-56210
7.1 - High
- June 19, 2026
A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows setting a spatial_layer_id exceeding the configured number of layers. This causes an out-of-bounds heap read of approximately 40,728 bytes when computing a layer context array index. An attacker who can influence SVC encoder parameters in a network-facing service could exploit this for information disclosure (heap content leak) or denial of service (segmentation fault from hitting unmapped memory).
Out-of-bounds Read
LIBAOM AV1 Codec Arbitrary Address Write via SVC Layer Control
CVE-2026-56209
7.1 - High
- June 19, 2026
An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel values. The encoder then writes approximately 1,200 bytes at the attacker-controlled address. This is fully deterministic and does not require a separate information leak. An attacker who can supply frames to a network-facing libaom encoder with SVC enabled could exploit this for denial of service or potential code execution.
Memory Corruption
Heap Overflow in libaom's AV1 Encoder LAP Mode
CVE-2026-56208
7.6 - High
- June 19, 2026
A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing (LAP) mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when g_lag_in_frames is set to 1 or higher. This results in a 232-byte out-of-bounds write on every encoded frame after the second, corrupting adjacent heap objects. An attacker who can influence encoder configuration in a transcoding service or WebRTC session could exploit this to cause a denial of service (process crash) or potentially achieve code execution.
Heap-based Buffer Overflow
FFmpeg RASC Decoder UAF via deallocated buffer in move_table
CVE-2026-12706
6.5 - Medium
- June 19, 2026
A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initializes a read pointer into a decompressed buffer, but a subsequent reallocation of that same buffer during move-table processing leaves the pointer dangling. An attacker could exploit this by providing a specially crafted AVI file containing a malicious RASC video stream. When a user opens or plays the file, the decoder reads from freed heap memory, which could lead to a denial of service (crash).
Dangling pointer
vLLM Image Metadata Handling CVE: EXIF/TPNG tRNS Vulnerability
CVE-2026-12491
4.8 - Medium
- June 17, 2026
A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency (tRNS) data, during image processing. When images are converted to RGB, transparency information may be implicitly discarded or remapped, leading to unexpected rendering of transparent pixels and distortion of input content. This can result in the model misinterpreting image content, potentially affecting the integrity of processed data.
Misinterpretation of Input
Host Header Validation Bypass in Starlette <1.0.1 Leading to Routing Bypass
CVE-2026-48710
6.5 - Medium
- May 26, 2026
Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm relies on the raw HTTP path while `request.url` is rebuilt from the `Host` header, a malformed header could make `request.url.path` differ from the path that was actually requested. Middleware and endpoints that apply security restrictions based on `request.url` (rather than the raw `scope` path) could therefore be bypassed. Users should upgrade to a version greater than or equal to version 1.0.1, which validates the `Host` header against the grammar of RFC 9112 §3.2 / RFC 3986 §3.2.2 when constructing `request.url` and falls back to `scope["server"]` for malformed values.
HTTP Request Smuggling
ChromaDB 1.0.0+ Preauth Code Injection via /api/v2/tenants/...
CVE-2026-45829
10 - Critical
- May 18, 2026
A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint.
Code Injection
InstructLab: Arbitrary Code Exec via trust_remote_code True
CVE-2026-6859
8.8 - High
- April 22, 2026
A flaw was found in InstructLab. The `linux_train.py` script hardcodes `trust_remote_code=True` when loading models from HuggingFace. This allows a remote attacker to achieve arbitrary Python code execution by convincing a user to run `ilab train/download/generate` with a specially crafted malicious model from the HuggingFace Hub. This vulnerability can lead to complete system compromise.
Inclusion of Functionality from Untrusted Control Sphere
InstructLab: Path Traversal in logs_dir Enables Local File Write
CVE-2026-6855
7.1 - High
- April 22, 2026
A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the `logs_dir` parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to unauthorized data modification or disclosure.
Directory traversal
CVE-2026-6385 FFmpeg DVD Subtitle Signed Int Overflow -> Heap OOB Write
CVE-2026-6385
6.5 - Medium
- April 15, 2026
A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds checks, leading to a heap out-of-bounds write. Successful exploitation can result in a denial of service (DoS) due to an application crash, and potentially lead to arbitrary code execution.
Integer Overflow or Wraparound
vLLM 0.8.3<0.14.1 Heap Leak via PIL in Multimodal Endpoint
CVE-2026-22778
9.8 - Critical
- February 02, 2026
vLLM is an inference and serving engine for large language models (LLMs). From 0.8.3 to before 0.14.1, when an invalid image is sent to vLLM's multimodal endpoint, PIL throws an error. vLLM returns this error to the client, leaking a heap address. With this leak, we reduce ASLR from 4 billion guesses to ~8 guesses. This vulnerability can be chained a heap overflow with JPEG2000 decoder in OpenCV/FFmpeg to achieve remote code execution. This vulnerability is fixed in 0.14.1.
Insertion of Sensitive Information into Log File
vLLM MediaConnector SSRF via load_from_url
CVE-2025-6242
7.1 - High
- October 07, 2025
A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows an attacker to coerce the vLLM server into making arbitrary requests to internal network resources.
SSRF
CIRCL FourQ RCE via Low-Order Point Injection in Diffie-Hellman
CVE-2025-8556
3.7 - Low
- August 06, 2025
A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.
Improper Validation of Specified Type of Input
Ansible-Core Unsafe Content Protection Bypass via Hostvars Object
CVE-2024-11079
5.5 - Medium
- November 12, 2024
A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks.
Improper Input Validation
DoS via best_of overuse in ilab vllm API
CVE-2024-8939
6.2 - Medium
- September 17, 2024
A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of parameter to return the best completion from several options. When this parameter is set to a large value, the API does not handle timeouts or resource exhaustion properly, allowing an attacker to cause a DoS by consuming excessive system resources. This leads to the API becoming unresponsive, preventing legitimate users from accessing the service.
Resource Exhaustion
vLLM API crash via empty prompt causes DoS
CVE-2024-8768
7.5 - High
- September 17, 2024
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.
assertion failure
Ansible include_vars leak: Vault secrets exposed in logs
CVE-2024-8775
5.5 - Medium
- September 14, 2024
A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as include_vars to load vaulted variables without setting the no_log: true parameter, resulting in sensitive data being printed in the playbook output or logs. This can lead to the unintentional disclosure of secrets like passwords or API keys, compromising security and potentially allowing unauthorized access or actions.
Insertion of Sensitive Information into Log File
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Enterprise Linux Ai or by Red Hat? Click the Watch button to subscribe.
