ELSA-2025-17397

Опубликовано: 07 окт. 2025

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2025-17397: kernel security update (MODERATE)

[4.18.0-553.78.1_10.OL8]

Update Oracle Linux certificates (Kevin Lyons)
Disable signing for aarch64 (Ilya Okomin)
Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
Update x509.genkey [Orabug: 24817676]
Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]

[4.18.0-553.78.1_10]

mm/migrate: set swap entry values of THP tail pages properly. (Luiz Capitulino) [RHEL-101302]
smb: client: fix use-after-free in cifs_oplock_break (Paulo Alcantara) [RHEL-111190] {CVE-2025-38527}
NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CKI Backport Bot) [RHEL-113603] {CVE-2025-39730}

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

kernel-tools-libs-devel

4.18.0-553.78.1.el8_10

bpftool

4.18.0-553.78.1.el8_10

kernel-cross-headers

4.18.0-553.78.1.el8_10

kernel-headers

4.18.0-553.78.1.el8_10

kernel-tools

4.18.0-553.78.1.el8_10

kernel-tools-libs

4.18.0-553.78.1.el8_10

perf

4.18.0-553.78.1.el8_10

python3-perf

4.18.0-553.78.1.el8_10

Oracle Linux x86_64

kernel-tools-libs-devel

4.18.0-553.78.1.el8_10

bpftool

4.18.0-553.78.1.el8_10

kernel

4.18.0-553.78.1.el8_10

kernel-abi-stablelists

4.18.0-553.78.1.el8_10

kernel-core

4.18.0-553.78.1.el8_10

kernel-cross-headers

4.18.0-553.78.1.el8_10

kernel-debug

4.18.0-553.78.1.el8_10

kernel-debug-core

4.18.0-553.78.1.el8_10

kernel-debug-devel

4.18.0-553.78.1.el8_10

kernel-debug-modules

4.18.0-553.78.1.el8_10

kernel-debug-modules-extra

4.18.0-553.78.1.el8_10

kernel-devel

4.18.0-553.78.1.el8_10

kernel-doc

4.18.0-553.78.1.el8_10

kernel-headers

4.18.0-553.78.1.el8_10

kernel-modules

4.18.0-553.78.1.el8_10

kernel-modules-extra

4.18.0-553.78.1.el8_10

kernel-tools

4.18.0-553.78.1.el8_10

kernel-tools-libs

4.18.0-553.78.1.el8_10

perf

4.18.0-553.78.1.el8_10

python3-perf

4.18.0-553.78.1.el8_10

Связанные CVE

CVE-2025-39730

CVE-2025-38527

Ссылки на источники

Связанные уязвимости

CVE-2025-38527

ubuntu

4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifs_oplock_break A race condition can occur in cifs_oplock_break() leading to a use-after-free of the cinode structure when unmounting: cifs_oplock_break() _cifsFileInfo_put(cfile) cifsFileInfo_put_final() cifs_sb_deactive() [last ref, start releasing sb] kill_sb() kill_anon_super() generic_shutdown_super() evict_inodes() dispose_list() evict() destroy_inode() call_rcu(&inode->i_rcu, i_callback) spin_lock(&cinode->open_file_lock) <- OK [later] i_callback() cifs_free_inode() kmem_cache_free(cinode) spin_unlock(&cinode->open_file_lock) <- UAF cifs_done_oplock_break(cinode) <- UAF The issue occurs when umount has already released its reference to the superblock. When _cifsFileInfo_put() calls cifs_sb_deactive(), this releases the last reference, triggering the immediate cleanup of all inodes under RCU. However, cifs_oplock_break() continues to access the cinode after this poi...