Description
ELSA-2025-14748: kernel security update (IMPORTANT)
[3.10.0-1160.119.1.0.11.el7.OL7]
- kernel: media: uvcvideo: Fix double free in error path (CVE-2024-57980)
- kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CVE-2025-21928)
- kernel: ext4: fix off-by-one error in do_split (CVE-2025-23150)
- kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (CVE-2022-49788)
- kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (CVE-2025-38000)
- kernel: ext4: avoid resizing to a partial cluster size (CVE-2022-50020)
- kernel: drivers:md:fix a potential use-after-free bug (CVE-2022-50022)
- kernel: sch_hfsc: make hfsc_qlen_notify() idempotent (CVE-2025-38177)
- kernel: net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)
- crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079)
Updated packages
Oracle Linux 7
Oracle Linux x86_64
bpftool                  3.10.0-1160.119.1.0.11.el7
kernel                   3.10.0-1160.119.1.0.11.el7
kernel-abi-whitelists    3.10.0-1160.119.1.0.11.el7
kernel-debug             3.10.0-1160.119.1.0.11.el7
kernel-debug-devel       3.10.0-1160.119.1.0.11.el7
kernel-devel             3.10.0-1160.119.1.0.11.el7
kernel-doc               3.10.0-1160.119.1.0.11.el7
kernel-headers           3.10.0-1160.119.1.0.11.el7
kernel-tools             3.10.0-1160.119.1.0.11.el7
kernel-tools-libs        3.10.0-1160.119.1.0.11.el7
kernel-tools-libs-devel  3.10.0-1160.119.1.0.11.el7
perf                     3.10.0-1160.119.1.0.11.el7
python-perf              3.10.0-1160.119.1.0.11.el7
Source references
Related vulnerabilities
In the Linux kernel, the following vulnerability has been resolved:

media: uvcvideo: Fix double free in error path

If the uvc_status_init() function fails to allocate the int_urb, it will free the dev->status pointer but doesn't reset the pointer to NULL. This results in the kfree() call in uvc_status_cleanup() trying to double-free the memory. Fix it by resetting the dev->status pointer to NULL after freeing it.

Reviewed by: Ricardo Ribalda <ribalda@chromium.org>
In the Linux kernel, the following vulnerability has been resolved: m ...