Red Hat Security Advisory: Red Hat AI Inference Server 3.2.2 (ROCm)
🔗 CVE IDs covered (9)
📋 Description
CVE-2026-3497 — openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables CVE-2026-4424 — libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing CVE-2026-4519 — python: Python: Command-line option injection in webbrowser.open() via crafted URLs CVE-2026-5121 — libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing CVE-2026-5201 — gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image CVE-2026-23868 — giflib: Giflib: Double-free vulnerability leading to memory corruption CVE-2026-26209 — cbor2: cbor2: Denial of Service due to uncontrolled recursion via crafted CBOR payloads CVE-2026-27135 — nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination CVE-2026-27893 — vllm: vLLM: Remote code execution due to hardcoded trust_remote_code setting
🔗 References (13)
- selfhttps://access.redhat.com/errata/RHSA-2026:19725
- externalhttps://access.redhat.com/security/cve/CVE-2026-23868
- externalhttps://access.redhat.com/security/cve/CVE-2026-26209
- externalhttps://access.redhat.com/security/cve/CVE-2026-27135
- externalhttps://access.redhat.com/security/cve/CVE-2026-27893
- externalhttps://access.redhat.com/security/cve/CVE-2026-3497
- externalhttps://access.redhat.com/security/cve/CVE-2026-4424
- externalhttps://access.redhat.com/security/cve/CVE-2026-4519
- externalhttps://access.redhat.com/security/cve/CVE-2026-5121
- externalhttps://access.redhat.com/security/cve/CVE-2026-5201
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://www.redhat.com/en/products/ai/inference-server
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_19725.json