Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2025-21398

Опубликовано: 17 нояб. 2025
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2025-21398: kernel security update (MODERATE)

[4.18.0-553.84.1]

  • Update Oracle Linux certificates (Kevin Lyons)
  • Disable signing for aarch64 (Ilya Okomin)
  • Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
  • Update x509.genkey [Orabug: 24817676]
  • Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
  • Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
  • Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]

[4.18.0-553.84.1]

  • cgroup: don't put ERR_PTR() into fc->root (CKI Backport Bot) [RHEL-123775]
  • vsock/virtio: Validate length in packet header before skb_put() (Jon Maloy) [RHEL-114296] {CVE-2025-39718}
  • NFS: remove revoked delegation from server's delegation list (Benjamin Coddington) [RHEL-123005]

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

kernel-tools-libs-devel

4.18.0-553.84.1.el8_10

bpftool

4.18.0-553.84.1.el8_10

kernel-cross-headers

4.18.0-553.84.1.el8_10

kernel-headers

4.18.0-553.84.1.el8_10

kernel-tools

4.18.0-553.84.1.el8_10

kernel-tools-libs

4.18.0-553.84.1.el8_10

perf

4.18.0-553.84.1.el8_10

python3-perf

4.18.0-553.84.1.el8_10

Oracle Linux x86_64

kernel-tools-libs-devel

4.18.0-553.84.1.el8_10

bpftool

4.18.0-553.84.1.el8_10

kernel

4.18.0-553.84.1.el8_10

kernel-abi-stablelists

4.18.0-553.84.1.el8_10

kernel-core

4.18.0-553.84.1.el8_10

kernel-cross-headers

4.18.0-553.84.1.el8_10

kernel-debug

4.18.0-553.84.1.el8_10

kernel-debug-core

4.18.0-553.84.1.el8_10

kernel-debug-devel

4.18.0-553.84.1.el8_10

kernel-debug-modules

4.18.0-553.84.1.el8_10

kernel-debug-modules-extra

4.18.0-553.84.1.el8_10

kernel-devel

4.18.0-553.84.1.el8_10

kernel-doc

4.18.0-553.84.1.el8_10

kernel-headers

4.18.0-553.84.1.el8_10

kernel-modules

4.18.0-553.84.1.el8_10

kernel-modules-extra

4.18.0-553.84.1.el8_10

kernel-tools

4.18.0-553.84.1.el8_10

kernel-tools-libs

4.18.0-553.84.1.el8_10

perf

4.18.0-553.84.1.el8_10

python3-perf

4.18.0-553.84.1.el8_10

Связанные CVE

CVE-2025-39718

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2025-39718

ubuntu
4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put() When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately, virtio_vsock_skb_rx_put() uses the length from the packet header as the length argument to skb_put(), potentially resulting in SKB overflow if the host has gone wonky. Validate the length as advertised by the packet header before calling virtio_vsock_skb_rx_put().

redhat логотип

CVE-2025-39718

CVSS3: 7.6
redhat
4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put() When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately, virtio_vsock_skb_rx_put() uses the length from the packet header as the length argument to skb_put(), potentially resulting in SKB overflow if the host has gone wonky. Validate the length as advertised by the packet header before calling virtio_vsock_skb_rx_put().

nvd логотип

CVE-2025-39718

nvd
4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put() When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately, virtio_vsock_skb_rx_put() uses the length from the packet header as the length argument to skb_put(), potentially resulting in SKB overflow if the host has gone wonky. Validate the length as advertised by the packet header before calling virtio_vsock_skb_rx_put().

msrc логотип

CVE-2025-39718

CVSS3: 5.5
msrc
3 месяца назад

vsock/virtio: Validate length in packet header before skb_put()

debian логотип

CVE-2025-39718

debian
4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: v ...