ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
The MITRE CVE dictionary describes this issue as:
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
This issue doesn't affected any versions of the openssh packaged as shipped with Red Hat Enterprise Linux 6, 7 and 8. The issues was introduced in openssh 8.2 whilst the most recent openssh version available for Red Hat Enterprise Linux 8 is based on openssh 8.0.