Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2025-14987

Опубликовано: 17 сент. 2025
Источник: oracle-oval
Платформа: Oracle Linux 7

Описание

ELSA-2025-14987: kernel security update (MODERATE)

[3.10.0-1160.119.1.0.11.el7.OL7]

  • kernel: media: uvcvideo: Fix double free in error path (CVE-2024-57980)
  • kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CVE-2025-21928)
  • kernel: ext4: fix off-by-one error in do_split (CVE-2025-23150)
  • kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (CVE-2022-49788)
  • kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (CVE-2025-38000)
  • kernel: ext4: avoid resizing to a partial cluster size (CVE-2022-50020)
  • kernel: drivers:md:fix a potential use-after-free bug (CVE-2022-50022)
  • kernel: sch_hfsc: make hfsc_qlen_notify() idempotent (CVE-2025-38177)
  • kernel: net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)
  • crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079)

Обновленные пакеты

Oracle Linux 7

Oracle Linux x86_64

bpftool

3.10.0-1160.119.1.0.11.el7

kernel

3.10.0-1160.119.1.0.11.el7

kernel-abi-whitelists

3.10.0-1160.119.1.0.11.el7

kernel-debug

3.10.0-1160.119.1.0.11.el7

kernel-debug-devel

3.10.0-1160.119.1.0.11.el7

kernel-devel

3.10.0-1160.119.1.0.11.el7

kernel-doc

3.10.0-1160.119.1.0.11.el7

kernel-headers

3.10.0-1160.119.1.0.11.el7

kernel-tools

3.10.0-1160.119.1.0.11.el7

kernel-tools-libs

3.10.0-1160.119.1.0.11.el7

kernel-tools-libs-devel

3.10.0-1160.119.1.0.11.el7

perf

3.10.0-1160.119.1.0.11.el7

python-perf

3.10.0-1160.119.1.0.11.el7

Связанные CVE

CVE-2025-38079

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2025-38079

ubuntu
4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_release, leading to slab-use-after-free error.

redhat логотип

CVE-2025-38079

CVSS3: 7
redhat
4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_release, leading to slab-use-after-free error.

nvd логотип

CVE-2025-38079

nvd
4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_release, leading to slab-use-after-free error.

msrc логотип

CVE-2025-38079

msrc
около 2 месяцев назад

Описание отсутствует

debian логотип

CVE-2025-38079

debian
4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: c ...