Описание
ELSA-2025-16919: kernel security update (MODERATE)
[4.18.0-553.77.1_10.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]
[4.18.0-553.77.1_10]
- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (CKI Backport Bot) [RHEL-109847] {CVE-2025-37797}
- net_sched: hfsc: Fix a UAF vulnerability in class handling (CKI Backport Bot) [RHEL-109847] {CVE-2025-37797}
- net: openvswitch: Fix the dead loop of MPLS parse (Aaron Conole) [RHEL-95609]
- sctp: linearize cloned gso packets in sctp_rcv (CKI Backport Bot) [RHEL-113329] {CVE-2025-38718}
- firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (Charles Mirabile) [RHEL-109394] {CVE-2022-50087}
- nfsd: don't ignore the return code of svc_proc_register() (Olga Kornievskaia) [RHEL-111639] {CVE-2025-22026}
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
kernel-tools-libs-devel
4.18.0-553.77.1.el8_10
bpftool
4.18.0-553.77.1.el8_10
kernel-cross-headers
4.18.0-553.77.1.el8_10
kernel-headers
4.18.0-553.77.1.el8_10
kernel-tools
4.18.0-553.77.1.el8_10
kernel-tools-libs
4.18.0-553.77.1.el8_10
perf
4.18.0-553.77.1.el8_10
python3-perf
4.18.0-553.77.1.el8_10
Oracle Linux x86_64
kernel-tools-libs-devel
4.18.0-553.77.1.el8_10
bpftool
4.18.0-553.77.1.el8_10
kernel
4.18.0-553.77.1.el8_10
kernel-abi-stablelists
4.18.0-553.77.1.el8_10
kernel-core
4.18.0-553.77.1.el8_10
kernel-cross-headers
4.18.0-553.77.1.el8_10
kernel-debug
4.18.0-553.77.1.el8_10
kernel-debug-core
4.18.0-553.77.1.el8_10
kernel-debug-devel
4.18.0-553.77.1.el8_10
kernel-debug-modules
4.18.0-553.77.1.el8_10
kernel-debug-modules-extra
4.18.0-553.77.1.el8_10
kernel-devel
4.18.0-553.77.1.el8_10
kernel-doc
4.18.0-553.77.1.el8_10
kernel-headers
4.18.0-553.77.1.el8_10
kernel-modules
4.18.0-553.77.1.el8_10
kernel-modules-extra
4.18.0-553.77.1.el8_10
kernel-tools
4.18.0-553.77.1.el8_10
kernel-tools-libs
4.18.0-553.77.1.el8_10
perf
4.18.0-553.77.1.el8_10
python3-perf
4.18.0-553.77.1.el8_10
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfsc_change_class() when working with certain child qdiscs like netem or codel. The vulnerability works as follows: 1. hfsc_change_class() checks if a class has packets (q.qlen != 0) 2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g., codel, netem) might drop packets and empty the queue 3. The code continues assuming the queue is still non-empty, adding the class to vttree 4. This breaks HFSC scheduler assumptions that only non-empty classes are in vttree 5. Later, when the class is destroyed, this can lead to a Use-After-Free The fix adds a second queue length check after qdisc_peek_len() to verify the queue wasn't emptied.
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfsc_change_class() when working with certain child qdiscs like netem or codel. The vulnerability works as follows: 1. hfsc_change_class() checks if a class has packets (q.qlen != 0) 2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g., codel, netem) might drop packets and empty the queue 3. The code continues assuming the queue is still non-empty, adding the class to vttree 4. This breaks HFSC scheduler assumptions that only non-empty classes are in vttree 5. Later, when the class is destroyed, this can lead to a Use-After-Free The fix adds a second queue length check after qdisc_peek_len() to verify the queue wasn't emptied.
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfsc_change_class() when working with certain child qdiscs like netem or codel. The vulnerability works as follows: 1. hfsc_change_class() checks if a class has packets (q.qlen != 0) 2. It then calls qdisc_peek_len(), which for certain qdiscs (e.g., codel, netem) might drop packets and empty the queue 3. The code continues assuming the queue is still non-empty, adding the class to vttree 4. This breaks HFSC scheduler assumptions that only non-empty classes are in vttree 5. Later, when the class is destroyed, this can lead to a Use-After-Free The fix adds a second queue length check after qdisc_peek_len() to verify the queue wasn't emptied.
In the Linux kernel, the following vulnerability has been resolved: n ...