Description
ELSA-2025-28066: Unbreakable Enterprise kernel security update (IMPORTANT)
[6.12.0-106.55.4.2]
- fs/proc: fix uaf in proc_readdir_de() (Wei Yang) {CVE-2025-40271}
- xfrm: delete x->tunnel as we delete x (Sabrina Dubroca) {CVE-2025-40215}
Updated packages
Oracle Linux 10
Oracle Linux aarch64
kernel-uek 6.12.0-106.55.4.2.el10uek
kernel-uek-core 6.12.0-106.55.4.2.el10uek
kernel-uek-debug 6.12.0-106.55.4.2.el10uek
kernel-uek-debug-core 6.12.0-106.55.4.2.el10uek
kernel-uek-debug-devel 6.12.0-106.55.4.2.el10uek
kernel-uek-debug-modules 6.12.0-106.55.4.2.el10uek
kernel-uek-debug-modules-core 6.12.0-106.55.4.2.el10uek
kernel-uek-debug-modules-deprecated 6.12.0-106.55.4.2.el10uek
kernel-uek-debug-modules-desktop 6.12.0-106.55.4.2.el10uek
kernel-uek-debug-modules-extra 6.12.0-106.55.4.2.el10uek
kernel-uek-debug-modules-extra-netfilter 6.12.0-106.55.4.2.el10uek
kernel-uek-debug-modules-usb 6.12.0-106.55.4.2.el10uek
kernel-uek-debug-modules-wireless 6.12.0-106.55.4.2.el10uek
kernel-uek-devel 6.12.0-106.55.4.2.el10uek
kernel-uek-modules 6.12.0-106.55.4.2.el10uek
kernel-uek-modules-core 6.12.0-106.55.4.2.el10uek
kernel-uek-modules-deprecated 6.12.0-106.55.4.2.el10uek
kernel-uek-modules-desktop 6.12.0-106.55.4.2.el10uek
kernel-uek-modules-extra 6.12.0-106.55.4.2.el10uek
kernel-uek-modules-extra-netfilter 6.12.0-106.55.4.2.el10uek
kernel-uek-modules-usb 6.12.0-106.55.4.2.el10uek
kernel-uek-modules-wireless 6.12.0-106.55.4.2.el10uek
kernel-uek-tools 6.12.0-106.55.4.2.el10uek
kernel-uek64k 6.12.0-106.55.4.2.el10uek
kernel-uek64k-core 6.12.0-106.55.4.2.el10uek
kernel-uek64k-devel 6.12.0-106.55.4.2.el10uek
kernel-uek64k-modules 6.12.0-106.55.4.2.el10uek
kernel-uek64k-modules-core 6.12.0-106.55.4.2.el10uek
kernel-uek64k-modules-deprecated 6.12.0-106.55.4.2.el10uek
kernel-uek64k-modules-desktop 6.12.0-106.55.4.2.el10uek
kernel-uek64k-modules-extra 6.12.0-106.55.4.2.el10uek
kernel-uek64k-modules-extra-netfilter 6.12.0-106.55.4.2.el10uek
kernel-uek64k-modules-usb 6.12.0-106.55.4.2.el10uek
kernel-uek64k-modules-wireless 6.12.0-106.55.4.2.el10uek
Oracle Linux x86_64
kernel-uek 6.12.0-106.55.4.2.el10uek
kernel-uek-core 6.12.0-106.55.4.2.el10uek
kernel-uek-debug 6.12.0-106.55.4.2.el10uek
kernel-uek-debug-core 6.12.0-106.55.4.2.el10uek
kernel-uek-debug-devel 6.12.0-106.55.4.2.el10uek
kernel-uek-debug-modules 6.12.0-106.55.4.2.el10uek
kernel-uek-debug-modules-core 6.12.0-106.55.4.2.el10uek
kernel-uek-debug-modules-deprecated 6.12.0-106.55.4.2.el10uek
kernel-uek-debug-modules-desktop 6.12.0-106.55.4.2.el10uek
kernel-uek-debug-modules-extra 6.12.0-106.55.4.2.el10uek
kernel-uek-debug-modules-extra-netfilter 6.12.0-106.55.4.2.el10uek
kernel-uek-debug-modules-usb 6.12.0-106.55.4.2.el10uek
kernel-uek-debug-modules-wireless 6.12.0-106.55.4.2.el10uek
kernel-uek-devel 6.12.0-106.55.4.2.el10uek
kernel-uek-doc 6.12.0-106.55.4.2.el10uek
kernel-uek-modules 6.12.0-106.55.4.2.el10uek
kernel-uek-modules-core 6.12.0-106.55.4.2.el10uek
kernel-uek-modules-deprecated 6.12.0-106.55.4.2.el10uek
kernel-uek-modules-desktop 6.12.0-106.55.4.2.el10uek
kernel-uek-modules-extra 6.12.0-106.55.4.2.el10uek
kernel-uek-modules-extra-netfilter 6.12.0-106.55.4.2.el10uek
kernel-uek-modules-usb 6.12.0-106.55.4.2.el10uek
kernel-uek-modules-wireless 6.12.0-106.55.4.2.el10uek
kernel-uek-tools 6.12.0-106.55.4.2.el10uek
Oracle Linux 9
Oracle Linux aarch64
kernel-uek 6.12.0-106.55.4.2.el9uek
kernel-uek-core 6.12.0-106.55.4.2.el9uek
kernel-uek-debug 6.12.0-106.55.4.2.el9uek
kernel-uek-debug-core 6.12.0-106.55.4.2.el9uek
kernel-uek-debug-devel 6.12.0-106.55.4.2.el9uek
kernel-uek-debug-modules 6.12.0-106.55.4.2.el9uek
kernel-uek-debug-modules-core 6.12.0-106.55.4.2.el9uek
kernel-uek-debug-modules-deprecated 6.12.0-106.55.4.2.el9uek
kernel-uek-debug-modules-desktop 6.12.0-106.55.4.2.el9uek
kernel-uek-debug-modules-extra 6.12.0-106.55.4.2.el9uek
kernel-uek-debug-modules-extra-netfilter 6.12.0-106.55.4.2.el9uek
kernel-uek-debug-modules-usb 6.12.0-106.55.4.2.el9uek
kernel-uek-debug-modules-wireless 6.12.0-106.55.4.2.el9uek
kernel-uek-devel 6.12.0-106.55.4.2.el9uek
kernel-uek-modules 6.12.0-106.55.4.2.el9uek
kernel-uek-modules-core 6.12.0-106.55.4.2.el9uek
kernel-uek-modules-deprecated 6.12.0-106.55.4.2.el9uek
kernel-uek-modules-desktop 6.12.0-106.55.4.2.el9uek
kernel-uek-modules-extra 6.12.0-106.55.4.2.el9uek
kernel-uek-modules-extra-netfilter 6.12.0-106.55.4.2.el9uek
kernel-uek-modules-usb 6.12.0-106.55.4.2.el9uek
kernel-uek-modules-wireless 6.12.0-106.55.4.2.el9uek
kernel-uek-tools 6.12.0-106.55.4.2.el9uek
kernel-uek64k 6.12.0-106.55.4.2.el9uek
kernel-uek64k-core 6.12.0-106.55.4.2.el9uek
kernel-uek64k-devel 6.12.0-106.55.4.2.el9uek
kernel-uek64k-modules 6.12.0-106.55.4.2.el9uek
kernel-uek64k-modules-core 6.12.0-106.55.4.2.el9uek
kernel-uek64k-modules-deprecated 6.12.0-106.55.4.2.el9uek
kernel-uek64k-modules-desktop 6.12.0-106.55.4.2.el9uek
kernel-uek64k-modules-extra 6.12.0-106.55.4.2.el9uek
kernel-uek64k-modules-extra-netfilter 6.12.0-106.55.4.2.el9uek
kernel-uek64k-modules-usb 6.12.0-106.55.4.2.el9uek
kernel-uek64k-modules-wireless 6.12.0-106.55.4.2.el9uek
Oracle Linux x86_64
kernel-uek 6.12.0-106.55.4.2.el9uek
kernel-uek-core 6.12.0-106.55.4.2.el9uek
kernel-uek-debug 6.12.0-106.55.4.2.el9uek
kernel-uek-debug-core 6.12.0-106.55.4.2.el9uek
kernel-uek-debug-devel 6.12.0-106.55.4.2.el9uek
kernel-uek-debug-modules 6.12.0-106.55.4.2.el9uek
kernel-uek-debug-modules-core 6.12.0-106.55.4.2.el9uek
kernel-uek-debug-modules-deprecated 6.12.0-106.55.4.2.el9uek
kernel-uek-debug-modules-desktop 6.12.0-106.55.4.2.el9uek
kernel-uek-debug-modules-extra 6.12.0-106.55.4.2.el9uek
kernel-uek-debug-modules-extra-netfilter 6.12.0-106.55.4.2.el9uek
kernel-uek-debug-modules-usb 6.12.0-106.55.4.2.el9uek
kernel-uek-debug-modules-wireless 6.12.0-106.55.4.2.el9uek
kernel-uek-devel 6.12.0-106.55.4.2.el9uek
kernel-uek-doc 6.12.0-106.55.4.2.el9uek
kernel-uek-modules 6.12.0-106.55.4.2.el9uek
kernel-uek-modules-core 6.12.0-106.55.4.2.el9uek
kernel-uek-modules-deprecated 6.12.0-106.55.4.2.el9uek
kernel-uek-modules-desktop 6.12.0-106.55.4.2.el9uek
kernel-uek-modules-extra 6.12.0-106.55.4.2.el9uek
kernel-uek-modules-extra-netfilter 6.12.0-106.55.4.2.el9uek
kernel-uek-modules-usb 6.12.0-106.55.4.2.el9uek
kernel-uek-modules-wireless 6.12.0-106.55.4.2.el9uek
kernel-uek-tools 6.12.0-106.55.4.2.el9uek
Related CVEs
Related vulnerabilities
In the Linux kernel, the following vulnerability has been resolved:

fs/proc: fix uaf in proc_readdir_de()

Pde is erased from subdir rbtree through rb_erase(), but the node is not set to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() to set the erased node to EMPTY, then pde_subdir_next() will return NULL to avoid uaf access.

We found a uaf issue while using stress-ng testing; it requires running the testcases getdent and tun at the same time. The steps of the issue are as follows:

1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current pde is tun3;
2) in the [time windows] unregister netdevice tun3 and tun2, and erase them from rbtree. erase tun3 first, and then erase tun2. the pde(tun2) will be released to slab;
3) continue to getdent process, then pde_subdir_next() will return pde(tun2) which is released, it will cause uaf access.

CPU 0 | CPU 1
-------------------------------------------------------------------------
trave...
In the Linux kernel, the following vulnerability has been resolved:

xfrm: delete x->tunnel as we delete x

The ipcomp fallback tunnels currently get deleted (from the various lists and hashtables) as the last user state that needed that fallback is destroyed (not deleted). If a reference to that user state still exists, the fallback state will remain on the hashtables/lists, triggering the WARN in xfrm_state_fini. Because of those remaining references, the fix in commit f75a2804da39 ("xfrm: destroy xfrm_state synchronously on net exit path") is not complete.

We recently fixed one such situation in TCP due to deferred freeing of skbs (commit 9b6412e6979f ("tcp: drop secpath at the same time as we currently drop dst")). This can also happen due to IP reassembly: skbs with a secpath remain on the reassembly queue until netns destruction. If we can't guarantee that the queues are flushed by the time xfrm_state_fini runs, there may still be references to a (user) xfrm_state, preventing the...