Описание
ELSA-2026-50005: Unbreakable Enterprise kernel security update (IMPORTANT)
[5.4.17-2136.351.3.1]
- fs/proc: fix uaf in proc_readdir_de() (Wei Yang) [Orabug: 38787139] {CVE-2025-40271}
[5.4.17-2136.351.3]
- Reapply 'cpuidle: menu: Avoid discarding useful information' (Harshvardhan Jha) [Orabug: 38715366]
- fbcon: fix integer overflow in font allocation (Samasth Norway Ananda) [Orabug: 38702507]
- uek-rpm: Replace check-kabi tool with kabi (Yifei Liu) [Orabug: 38673382]
- uek-rpm: Introduce check function for uek-rpm/tools/kabi (Yifei Liu) [Orabug: 38673382]
[5.4.17-2136.351.2]
- uek-rpm: kabi: Remove the kabi protection for debug kernels (Yifei Liu) [Orabug: 38609548]
- rds: Add smp_rmb before reading c_destroy_in_prog (Hakon Bugge) [Orabug: 38352486]
- uio_hv_generic: Set event for all channels on the device (Long Li)
- ata: libata-scsi: Fix system suspend for a security locked drive (Niklas Cassel)
- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (Zhang Heng)
[5.4.17-2136.351.1]
- scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and real interrupt (Sumit Saxena) [Orabug: 38630482]
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
kernel-uek
5.4.17-2136.351.3.1.el8uek
kernel-uek-debug-devel
5.4.17-2136.351.3.1.el8uek
kernel-uek-devel
5.4.17-2136.351.3.1.el8uek
kernel-uek-debug
5.4.17-2136.351.3.1.el8uek
kernel-uek-doc
5.4.17-2136.351.3.1.el8uek
Oracle Linux x86_64
kernel-uek
5.4.17-2136.351.3.1.el8uek
kernel-uek-container
5.4.17-2136.351.3.1.el8uek
kernel-uek-container-debug
5.4.17-2136.351.3.1.el8uek
kernel-uek-debug
5.4.17-2136.351.3.1.el8uek
kernel-uek-debug-devel
5.4.17-2136.351.3.1.el8uek
kernel-uek-devel
5.4.17-2136.351.3.1.el8uek
kernel-uek-doc
5.4.17-2136.351.3.1.el8uek
Oracle Linux 7
Oracle Linux x86_64
kernel-uek
5.4.17-2136.351.3.1.el7uek
kernel-uek-container
5.4.17-2136.351.3.1.el7uek
kernel-uek-container-debug
5.4.17-2136.351.3.1.el7uek
kernel-uek-debug
5.4.17-2136.351.3.1.el7uek
kernel-uek-debug-devel
5.4.17-2136.351.3.1.el7uek
kernel-uek-devel
5.4.17-2136.351.3.1.el7uek
kernel-uek-doc
5.4.17-2136.351.3.1.el7uek
kernel-uek-tools
5.4.17-2136.351.3.1.el7uek
Связанные CVE
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EMPTY, then pde_subdir_next() will return NULL to avoid uaf access. We found an uaf issue while using stress-ng testing, need to run testcase getdent and tun in the same time. The steps of the issue is as follows: 1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current pde is tun3; 2) in the [time windows] unregister netdevice tun3 and tun2, and erase them from rbtree. erase tun3 first, and then erase tun2. the pde(tun2) will be released to slab; 3) continue to getdent process, then pde_subdir_next() will return pde(tun2) which is released, it will case uaf access. CPU 0 | CPU 1 ------------------------------------------------------------------------- trave...
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EMPTY, then pde_subdir_next() will return NULL to avoid uaf access. We found an uaf issue while using stress-ng testing, need to run testcase getdent and tun in the same time. The steps of the issue is as follows: 1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current pde is tun3; 2) in the [time windows] unregister netdevice tun3 and tun2, and erase them from rbtree. erase tun3 first, and then erase tun2. the pde(tun2) will be released to slab; 3) continue to getdent process, then pde_subdir_next() will return pde(tun2) which is released, it will case uaf access. CPU 0 | CPU 1 ---------------------------------------------------------------
In the Linux kernel, the following vulnerability has been resolved: f ...
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EMPTY, then pde_subdir_next() will return NULL to avoid uaf access. We found an uaf issue while using stress-ng testing, need to run testcase getdent and tun in the same time. The steps of the issue is as follows: 1) use getdent to traverse dir /proc/pid/net/dev_snmp6/, and current pde is tun3; 2) in the [time windows] unregister netdevice tun3 and tun2, and erase them from rbtree. erase tun3 first, and then erase tun2. the pde(tun2) will be released to slab; 3) continue to getdent process, then pde_subdir_next() will return pde(tun2) which is released, it will case uaf access. CPU 0 | CPU 1 ------------------------------------------------------------...
ELSA-2025-28068: Unbreakable Enterprise kernel security update (IMPORTANT)