VDB
RHSA-2026%3A2951
RHSA-2026%3A2951
PUBLISHED
CVSS 7 HIGH
A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.
Risk Scores
CVSS 3.1
7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334_ppc64le as a component of OpenShift API for Data Protection 1.4 | registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334_ppc64le, registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334_ppc64le, registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334_ppc64le |
| Red Hat | registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:ae2844cd56a695a0b86aaf2c2a7d0cfd3cd468a7f75bbd697badf68fb7b6c45f_s390x as a component of OpenShift API for Data Protection 1.4 | *, *, * |
| Red Hat | registry.redhat.io/oadp/oadp-rhel9-operator@sha256:6e5ab7666201e1f5ccc8ce39a04eb2f06104195678f0eb1ac53dd6407f40b205_arm64 as a component of OpenShift API for Data Protection 1.4 | *, *, registry.redhat.io/oadp/oadp-rhel9-operator@sha256:6e5ab7666201e1f5ccc8ce39a04eb2f06104195678f0eb1ac53dd6407f40b205_arm64 |
| Red Hat | registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:d4dcec8fdd305607b23b8d9deaa986e191852bc957d88cc3ed79363232f03f2f_amd64 as a component of OpenShift API for Data Protection 1.4 | *, *, registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:d4dcec8fdd305607b23b8d9deaa986e191852bc957d88cc3ed79363232f03f2f_amd64 |
| Red Hat | registry.redhat.io/oadp/oadp-rhel9-operator@sha256:d7f81c1817fa00d8ad1b7884bc9621a64fe26d374d86d5f681d6d2c53b9d66b4_ppc64le as a component of OpenShift API for Data Protection 1.4 | registry.redhat.io/oadp/oadp-rhel9-operator@sha256:d7f81c1817fa00d8ad1b7884bc9621a64fe26d374d86d5f681d6d2c53b9d66b4_ppc64le, registry.redhat.io/oadp/oadp-rhel9-operator@sha256:d7f81c1817fa00d8ad1b7884bc9621a64fe26d374d86d5f681d6d2c53b9d66b4_ppc64le, registry.redhat.io/oadp/oadp-rhel9-operator@sha256:d7f81c1817fa00d8ad1b7884bc9621a64fe26d374d86d5f681d6d2c53b9d66b4_ppc64le |
| Red Hat | registry.redhat.io/oadp/oadp-rhel9-operator@sha256:7c23610958889833ac5f43958bccf50e4662b652db57e87e5413ecd7ed875be1_s390x as a component of OpenShift API for Data Protection 1.4 | registry.redhat.io/oadp/oadp-rhel9-operator@sha256:7c23610958889833ac5f43958bccf50e4662b652db57e87e5413ecd7ed875be1_s390x, *, registry.redhat.io/oadp/oadp-rhel9-operator@sha256:7c23610958889833ac5f43958bccf50e4662b652db57e87e5413ecd7ed875be1_s390x |
| Red Hat | registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:a26701ac648c1a4f422b94a750798a4358f95fb51f7e67c6b9486a989329cf4f_s390x as a component of OpenShift API for Data Protection 1.4 | *, registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:a26701ac648c1a4f422b94a750798a4358f95fb51f7e67c6b9486a989329cf4f_s390x, registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:a26701ac648c1a4f422b94a750798a4358f95fb51f7e67c6b9486a989329cf4f_s390x |
| Red Hat | registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:767341f14ab16e337e66eae3a1c8d4cbb37b791cc31d085ddd817223b43c9c6b_s390x as a component of OpenShift API for Data Protection 1.4 | *, registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:767341f14ab16e337e66eae3a1c8d4cbb37b791cc31d085ddd817223b43c9c6b_s390x, registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:767341f14ab16e337e66eae3a1c8d4cbb37b791cc31d085ddd817223b43c9c6b_s390x |
| Red Hat | registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:31a39d4d29a3de6e2bed3a1cf48398f9d03a73b32b64d0333f5eeac04b44bb30_ppc64le as a component of OpenShift API for Data Protection 1.4 | registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:31a39d4d29a3de6e2bed3a1cf48398f9d03a73b32b64d0333f5eeac04b44bb30_ppc64le, registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:31a39d4d29a3de6e2bed3a1cf48398f9d03a73b32b64d0333f5eeac04b44bb30_ppc64le, registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:31a39d4d29a3de6e2bed3a1cf48398f9d03a73b32b64d0333f5eeac04b44bb30_ppc64le |
| Red Hat | registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e770742cd2e0ce33226ea051d5a4d659f12aa7de63e5a9ee341d3dd4e8d1c47c_amd64 as a component of OpenShift API for Data Protection 1.4 | registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e770742cd2e0ce33226ea051d5a4d659f12aa7de63e5a9ee341d3dd4e8d1c47c_amd64, *, registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e770742cd2e0ce33226ea051d5a4d659f12aa7de63e5a9ee341d3dd4e8d1c47c_amd64 |
| Red Hat | registry.redhat.io/oadp/oadp-velero-rhel9@sha256:1c8a130d6e033bb7693ff6ddb7000fc6097d89dacbf4a2377b8f27ef7030d4e4_arm64 as a component of OpenShift API for Data Protection 1.4 | *, registry.redhat.io/oadp/oadp-velero-rhel9@sha256:1c8a130d6e033bb7693ff6ddb7000fc6097d89dacbf4a2377b8f27ef7030d4e4_arm64, registry.redhat.io/oadp/oadp-velero-rhel9@sha256:1c8a130d6e033bb7693ff6ddb7000fc6097d89dacbf4a2377b8f27ef7030d4e4_arm64 |
| Red Hat | registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:0cbc576dcb0bce7cdce2949bbd76be8bc9ada610d95c2bfc0353d4512a03a5b7_ppc64le as a component of OpenShift API for Data Protection 1.4 | *, registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9@sha256:0cbc576dcb0bce7cdce2949bbd76be8bc9ada610d95c2bfc0353d4512a03a5b7_ppc64le, * |
| Red Hat | registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:10afafe878bcf82a9aee8ed2c5d7ef41dc41ec8d6dd657fcd07a32245e1a2a1f_arm64 as a component of OpenShift API for Data Protection 1.4 | *, registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:10afafe878bcf82a9aee8ed2c5d7ef41dc41ec8d6dd657fcd07a32245e1a2a1f_arm64, registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:10afafe878bcf82a9aee8ed2c5d7ef41dc41ec8d6dd657fcd07a32245e1a2a1f_arm64 |
| Red Hat | registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334_ppc64le as a component of OpenShift API for Data Protection 1.4 | *, *, registry.redhat.io/oadp/oadp-mustgather-rhel9@sha256:322611fa1f6e73013902ef235a520d1100ee6c6ae83a0a82700712aad9c81334_ppc64le |
| Red Hat | registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:c0f2e83777eb449f2e0cbf02f8095fa22fbbcba72a2956b51de2285ebe120f4c_amd64 as a component of OpenShift API for Data Protection 1.4 | registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:c0f2e83777eb449f2e0cbf02f8095fa22fbbcba72a2956b51de2285ebe120f4c_amd64, *, registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:c0f2e83777eb449f2e0cbf02f8095fa22fbbcba72a2956b51de2285ebe120f4c_amd64 |
| Red Hat | registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aacf636e5383c337d21dd9120d019980720caa3e20e3851d59c316ef09213041_arm64 as a component of OpenShift API for Data Protection 1.4 | registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aacf636e5383c337d21dd9120d019980720caa3e20e3851d59c316ef09213041_arm64, *, * |
| Red Hat | registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64 as a component of OpenShift API for Data Protection 1.4 | registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64, registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64, registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64 |
| Red Hat | registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:0335cb647a394e9c9b9c0fd32f8dfb0051432b73968d7a3b0313499da7de9a96_ppc64le as a component of OpenShift API for Data Protection 1.4 | registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:0335cb647a394e9c9b9c0fd32f8dfb0051432b73968d7a3b0313499da7de9a96_ppc64le, registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:0335cb647a394e9c9b9c0fd32f8dfb0051432b73968d7a3b0313499da7de9a96_ppc64le, registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:0335cb647a394e9c9b9c0fd32f8dfb0051432b73968d7a3b0313499da7de9a96_ppc64le |
| Red Hat | registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64 as a component of OpenShift API for Data Protection 1.4 | registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64, registry.redhat.io/oadp/oadp-operator-bundle@sha256:6df8c66ca55c7ce1b6440d888ef5a6c1a406285a38121cd6cf724378d97cad89_amd64, * |
| golang | Go |
…and 67 more
Timeline
- Feb 18, 2026 CVE Published
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Distribution Patch
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Apr 24, 2026 Security Advisory
- Jul 8, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2026:2951 advisory
- https://access.redhat.com/security/cve/CVE-2025-47907 advisory
- https://access.redhat.com/security/cve/CVE-2025-52881 advisory
- https://access.redhat.com/security/cve/CVE-2025-61729 advisory
- https://access.redhat.com/security/updates/classification/ advisory
- https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/backup_and_restore/oadp-application-backup-and-restore advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2951.json advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2387083 issue
- https://www.cve.org/CVERecord?id=CVE-2025-47907 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-47907 advisory
- https://go.dev/cl/693735 advisory
- https://go.dev/issue/74831 advisory
- https://groups.google.com/g/golang-announce/c/x5MKroML2yM advisory
- https://pkg.go.dev/vuln/GO-2025-3849 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2404715 issue
- https://www.cve.org/CVERecord?id=CVE-2025-52881 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-52881 advisory
- https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm advisory
- https://github.com/opencontainers/selinux/pull/237 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2418462 issue
…and 6 more