CVE-2026-14164
Red Hat · Red Hat Enterprise Linux 10
A double-free memory corruption vulnerability exists in the libarchive RAR5 reader as shipped in Red Hat Enterprise Linux 10.
Executive summary
Red Hat Enterprise Linux 10 contains a double-free vulnerability in the libarchive RAR5 reader that could lead to memory corruption or arbitrary code execution.
Vulnerability
The flaw is in libarchive's RAR5 reader: a malformed archive can drive the reader down a path that releases the same heap allocation twice. A double free leaves the allocator holding one block on its free lists twice, so later allocations can overlap, which is why the outcome ranges from an allocator abort to attacker-influenced memory writes. Triggering it requires getting a crafted RAR5 file parsed by something that uses libarchive, whether a user opening it with an archive tool (bsdtar is libarchive's own front end) or an unattended service that unpacks or inspects uploaded files; no prior access to the system is needed beyond delivering the file.
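To make the failure mode concrete, here is an added illustration written for this page; it is not libarchive's code and not the trigger for this CVE. A toy header reader with the double-free pattern the advisory describes is shown beside a hardened version. The reader struct, the one-byte-length header layout, the function names and the two sample headers are all constructed for the example. The vulnerable path is only ever run in a forked child so that the demonstration survives the crash it provokes.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical reader state (constructed; not libarchive's RAR5 state): a
 * reader that keeps a heap copy of the current entry name. */
struct reader {
    char *name;      /* heap buffer owned by the reader, or NULL */
};

/* Toy header layout (constructed): buf[0] = name length n, then n name bytes. */

/* Releasing through one helper that clears the pointer makes a second call harmless. */
static void reader_free(struct reader *r)
{
    free(r->name);
    r->name = NULL;
}

/* Vulnerable pattern: the error path frees the buffer but leaves the stale
 * pointer in the state, so the caller's reader_free() frees it a second time. */
static int read_header_vulnerable(struct reader *r, const uint8_t *buf, size_t len)
{
    if (len < 1) return -1;
    size_t n = buf[0];
    r->name = malloc(n + 1);
    if (r->name == NULL) return -1;
    if (1 + n > len) {       /* header claims more name bytes than the input has */
        free(r->name);       /* first free; r->name is now dangling */
        return -1;
    }
    memcpy(r->name, buf + 1, n);
    r->name[n] = '\0';
    return 0;
}

/* Hardened pattern: validate lengths before allocating, and never free except
 * through reader_free(), so no path can release the block twice. */
static int read_header_fixed(struct reader *r, const uint8_t *buf, size_t len)
{
    reader_free(r);          /* drop the previous entry's name exactly once */
    if (len < 1) return -1;
    size_t n = buf[0];
    if (1 + n > len) return -1;   /* reject malformed input before touching the heap */
    r->name = malloc(n + 1);
    if (r->name == NULL) return -1;
    memcpy(r->name, buf + 1, n);
    r->name[n] = '\0';
    return 0;
}

/* Constructed inputs: one well-formed header and one that is truncated. */
static const uint8_t GOOD_HDR[] = { 5, 'a', '.', 't', 'x', 't' };
static const uint8_t BAD_HDR[]  = { 200, 'a' };  /* claims 200 bytes, carries 1 */

/* Feed the truncated header to the fixed reader twice, then clean up.
 * Returns 1 when both attempts were rejected and no buffer is left behind. */
int fixed_rejects_malformed(void)
{
    struct reader r = { NULL };
    int a = read_header_fixed(&r, BAD_HDR, sizeof BAD_HDR);
    int b = read_header_fixed(&r, BAD_HDR, sizeof BAD_HDR);
    reader_free(&r);
    return a == -1 && b == -1 && r.name == NULL;
}

/* Returns 1 when the fixed reader parses GOOD_HDR and yields `expected`. */
int fixed_good_name_matches(const char *expected)
{
    struct reader r = { NULL };
    int ok = read_header_fixed(&r, GOOD_HDR, sizeof GOOD_HDR) == 0 &&
             strcmp(r.name, expected) == 0;
    reader_free(&r);
    return ok;
}

/* Run the vulnerable path in a forked child so the parent survives. Returns
 * the signal that killed the child (SIGABRT when glibc's tcache check reports
 * "free(): double free detected in tcache 2") or 0 if it did not crash. */
int vulnerable_path_signal(void)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct reader r = { NULL };
        read_header_vulnerable(&r, BAD_HDR, sizeof BAD_HDR);
        reader_free(&r);     /* the double free happens here */
        _exit(0);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    printf("fixed reader rejects malformed header cleanly: %d\n", fixed_rejects_malformed());
    printf("fixed reader parses good header as a.txt: %d\n", fixed_good_name_matches("a.txt"));
    printf("vulnerable reader in child died with signal: %d\n", vulnerable_path_signal());
    return 0;
}
```

On a glibc system the child in vulnerable_path_signal() dies with SIGABRT and prints "free(): double free detected in tcache 2" to stderr; under a different allocator it may segfault or, worse, survive silently with a corrupted heap. The two points the hardened version makes are the ones that matter for this class of bug: reject the length before allocating, and give the buffer a single owner whose release routine nulls the pointer.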
Business impact
The CVSS base score of 7.5 reflects memory corruption whose outcome depends on the allocator and on the process that parses the archive: at minimum a crash of that process (a denial of service for the service it backs), and in some contexts code execution with that process's privileges. An unattended consumer of untrusted archives, such as a file-scanning or upload-handling service, is therefore a more exposed target than an interactive user's archive tool, because it parses attacker-chosen input without any user action.
Remediation
Immediate Action: Apply the Red Hat errata for the libarchive package as soon as it is published, then restart any long-running processes that have the library loaded; a shared-library update does not take effect in processes that were already running. Container images that bundle their own copy of libarchive need to be rebuilt separately, since updating the host does not change them.
Proactive Monitoring: Watch for crashes in processes that parse archives. A double free typically surfaces as an abort from the allocator's consistency checks or as a segmentation fault with the libarchive shared object in the faulting module, so crash reports in the system journal that reference the library or archive tools such as bsdtar are the signal to look for.
Compensating Controls: Until the patch is applied, scan or block RAR archives at entry points such as mail and upload endpoints, avoid processing archives from untrusted sources in privileged or network-exposed contexts, and confine archive-handling services with SELinux and sandboxing so that a crash or code execution stays contained within that process.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Memory corruption vulnerabilities in core libraries are high-priority items due to their potential impact on system-wide security. Administrators should update all affected Red Hat Enterprise Linux instances as soon as the vendor-provided patch is available to ensure system integrity.