Описание
ELSA-2026-50060: Unbreakable Enterprise kernel security update (IMPORTANT)
[6.12.0-107.59.3.3]
- vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38858283] {CVE-2025-40248}
Обновленные пакеты
Oracle Linux 10
Oracle Linux aarch64
kernel-uek
6.12.0-107.59.3.3.el10uek
kernel-uek-core
6.12.0-107.59.3.3.el10uek
kernel-uek-debug
6.12.0-107.59.3.3.el10uek
kernel-uek-debug-core
6.12.0-107.59.3.3.el10uek
kernel-uek-debug-devel
6.12.0-107.59.3.3.el10uek
kernel-uek-debug-modules
6.12.0-107.59.3.3.el10uek
kernel-uek-debug-modules-core
6.12.0-107.59.3.3.el10uek
kernel-uek-debug-modules-deprecated
6.12.0-107.59.3.3.el10uek
kernel-uek-debug-modules-desktop
6.12.0-107.59.3.3.el10uek
kernel-uek-debug-modules-extra
6.12.0-107.59.3.3.el10uek
kernel-uek-debug-modules-extra-netfilter
6.12.0-107.59.3.3.el10uek
kernel-uek-debug-modules-usb
6.12.0-107.59.3.3.el10uek
kernel-uek-debug-modules-wireless
6.12.0-107.59.3.3.el10uek
kernel-uek-devel
6.12.0-107.59.3.3.el10uek
kernel-uek-modules
6.12.0-107.59.3.3.el10uek
kernel-uek-modules-core
6.12.0-107.59.3.3.el10uek
kernel-uek-modules-deprecated
6.12.0-107.59.3.3.el10uek
kernel-uek-modules-desktop
6.12.0-107.59.3.3.el10uek
kernel-uek-modules-extra
6.12.0-107.59.3.3.el10uek
kernel-uek-modules-extra-netfilter
6.12.0-107.59.3.3.el10uek
kernel-uek-modules-usb
6.12.0-107.59.3.3.el10uek
kernel-uek-modules-wireless
6.12.0-107.59.3.3.el10uek
kernel-uek-tools
6.12.0-107.59.3.3.el10uek
kernel-uek64k
6.12.0-107.59.3.3.el10uek
kernel-uek64k-core
6.12.0-107.59.3.3.el10uek
kernel-uek64k-devel
6.12.0-107.59.3.3.el10uek
kernel-uek64k-modules
6.12.0-107.59.3.3.el10uek
kernel-uek64k-modules-core
6.12.0-107.59.3.3.el10uek
kernel-uek64k-modules-deprecated
6.12.0-107.59.3.3.el10uek
kernel-uek64k-modules-desktop
6.12.0-107.59.3.3.el10uek
kernel-uek64k-modules-extra
6.12.0-107.59.3.3.el10uek
kernel-uek64k-modules-extra-netfilter
6.12.0-107.59.3.3.el10uek
kernel-uek64k-modules-usb
6.12.0-107.59.3.3.el10uek
kernel-uek64k-modules-wireless
6.12.0-107.59.3.3.el10uek
Oracle Linux x86_64
kernel-uek
6.12.0-107.59.3.3.el10uek
kernel-uek-core
6.12.0-107.59.3.3.el10uek
kernel-uek-debug
6.12.0-107.59.3.3.el10uek
kernel-uek-debug-core
6.12.0-107.59.3.3.el10uek
kernel-uek-debug-devel
6.12.0-107.59.3.3.el10uek
kernel-uek-debug-modules
6.12.0-107.59.3.3.el10uek
kernel-uek-debug-modules-core
6.12.0-107.59.3.3.el10uek
kernel-uek-debug-modules-deprecated
6.12.0-107.59.3.3.el10uek
kernel-uek-debug-modules-desktop
6.12.0-107.59.3.3.el10uek
kernel-uek-debug-modules-extra
6.12.0-107.59.3.3.el10uek
kernel-uek-debug-modules-extra-netfilter
6.12.0-107.59.3.3.el10uek
kernel-uek-debug-modules-usb
6.12.0-107.59.3.3.el10uek
kernel-uek-debug-modules-wireless
6.12.0-107.59.3.3.el10uek
kernel-uek-devel
6.12.0-107.59.3.3.el10uek
kernel-uek-doc
6.12.0-107.59.3.3.el10uek
kernel-uek-modules
6.12.0-107.59.3.3.el10uek
kernel-uek-modules-core
6.12.0-107.59.3.3.el10uek
kernel-uek-modules-deprecated
6.12.0-107.59.3.3.el10uek
kernel-uek-modules-desktop
6.12.0-107.59.3.3.el10uek
kernel-uek-modules-extra
6.12.0-107.59.3.3.el10uek
kernel-uek-modules-extra-netfilter
6.12.0-107.59.3.3.el10uek
kernel-uek-modules-usb
6.12.0-107.59.3.3.el10uek
kernel-uek-modules-wireless
6.12.0-107.59.3.3.el10uek
kernel-uek-tools
6.12.0-107.59.3.3.el10uek
Oracle Linux 9
Oracle Linux aarch64
kernel-uek
6.12.0-107.59.3.3.el9uek
kernel-uek-core
6.12.0-107.59.3.3.el9uek
kernel-uek-debug
6.12.0-107.59.3.3.el9uek
kernel-uek-debug-core
6.12.0-107.59.3.3.el9uek
kernel-uek-debug-devel
6.12.0-107.59.3.3.el9uek
kernel-uek-debug-modules
6.12.0-107.59.3.3.el9uek
kernel-uek-debug-modules-core
6.12.0-107.59.3.3.el9uek
kernel-uek-debug-modules-deprecated
6.12.0-107.59.3.3.el9uek
kernel-uek-debug-modules-desktop
6.12.0-107.59.3.3.el9uek
kernel-uek-debug-modules-extra
6.12.0-107.59.3.3.el9uek
kernel-uek-debug-modules-extra-netfilter
6.12.0-107.59.3.3.el9uek
kernel-uek-debug-modules-usb
6.12.0-107.59.3.3.el9uek
kernel-uek-debug-modules-wireless
6.12.0-107.59.3.3.el9uek
kernel-uek-devel
6.12.0-107.59.3.3.el9uek
kernel-uek-modules
6.12.0-107.59.3.3.el9uek
kernel-uek-modules-core
6.12.0-107.59.3.3.el9uek
kernel-uek-modules-deprecated
6.12.0-107.59.3.3.el9uek
kernel-uek-modules-desktop
6.12.0-107.59.3.3.el9uek
kernel-uek-modules-extra
6.12.0-107.59.3.3.el9uek
kernel-uek-modules-extra-netfilter
6.12.0-107.59.3.3.el9uek
kernel-uek-modules-usb
6.12.0-107.59.3.3.el9uek
kernel-uek-modules-wireless
6.12.0-107.59.3.3.el9uek
kernel-uek-tools
6.12.0-107.59.3.3.el9uek
kernel-uek64k
6.12.0-107.59.3.3.el9uek
kernel-uek64k-core
6.12.0-107.59.3.3.el9uek
kernel-uek64k-devel
6.12.0-107.59.3.3.el9uek
kernel-uek64k-modules
6.12.0-107.59.3.3.el9uek
kernel-uek64k-modules-core
6.12.0-107.59.3.3.el9uek
kernel-uek64k-modules-deprecated
6.12.0-107.59.3.3.el9uek
kernel-uek64k-modules-desktop
6.12.0-107.59.3.3.el9uek
kernel-uek64k-modules-extra
6.12.0-107.59.3.3.el9uek
kernel-uek64k-modules-extra-netfilter
6.12.0-107.59.3.3.el9uek
kernel-uek64k-modules-usb
6.12.0-107.59.3.3.el9uek
kernel-uek64k-modules-wireless
6.12.0-107.59.3.3.el9uek
Oracle Linux x86_64
kernel-uek
6.12.0-107.59.3.3.el9uek
kernel-uek-core
6.12.0-107.59.3.3.el9uek
kernel-uek-debug
6.12.0-107.59.3.3.el9uek
kernel-uek-debug-core
6.12.0-107.59.3.3.el9uek
kernel-uek-debug-devel
6.12.0-107.59.3.3.el9uek
kernel-uek-debug-modules
6.12.0-107.59.3.3.el9uek
kernel-uek-debug-modules-core
6.12.0-107.59.3.3.el9uek
kernel-uek-debug-modules-deprecated
6.12.0-107.59.3.3.el9uek
kernel-uek-debug-modules-desktop
6.12.0-107.59.3.3.el9uek
kernel-uek-debug-modules-extra
6.12.0-107.59.3.3.el9uek
kernel-uek-debug-modules-extra-netfilter
6.12.0-107.59.3.3.el9uek
kernel-uek-debug-modules-usb
6.12.0-107.59.3.3.el9uek
kernel-uek-debug-modules-wireless
6.12.0-107.59.3.3.el9uek
kernel-uek-devel
6.12.0-107.59.3.3.el9uek
kernel-uek-doc
6.12.0-107.59.3.3.el9uek
kernel-uek-modules
6.12.0-107.59.3.3.el9uek
kernel-uek-modules-core
6.12.0-107.59.3.3.el9uek
kernel-uek-modules-deprecated
6.12.0-107.59.3.3.el9uek
kernel-uek-modules-desktop
6.12.0-107.59.3.3.el9uek
kernel-uek-modules-extra
6.12.0-107.59.3.3.el9uek
kernel-uek-modules-extra-netfilter
6.12.0-107.59.3.3.el9uek
kernel-uek-modules-usb
6.12.0-107.59.3.3.el9uek
kernel-uek-modules-wireless
6.12.0-107.59.3.3.el9uek
kernel-uek-tools
6.12.0-107.59.3.3.el9uek
Связанные CVE
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect() if already established During connect(), acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect() invoking vsock_transport_cancel_pkt() -> virtio_transport_purge_skbs() may race with sendmsg() invoking virtio_transport_get_credit(). This results in a permanently elevated `vvs->bytes_unsent`. Which, in turn, confuses the SOCK_LINGER handling. 2. connect() resetting a connected socket's state may race with socket being placed in a sockmap. A disconnected socket remaining in a sockmap breaks sockmap's assumptions. And gives rise to WARNs. 3. connect() transitioning SS_CONNECTED -> SS_UNCONNECTED allows for a transport change/drop after TCP_ESTABLISHED. Which poses a problem for any simultaneous sendmsg() or connect() and may result in a use-after-free/null-ptr-deref. Do not disconnect socket on signal/timeout. Keep the logi...
In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect() if already established During connect(), acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect() invoking vsock_transport_cancel_pkt() -> virtio_transport_purge_skbs() may race with sendmsg() invoking virtio_transport_get_credit(). This results in a permanently elevated `vvs->bytes_unsent`. Which, in turn, confuses the SOCK_LINGER handling. 2. connect() resetting a connected socket's state may race with socket being placed in a sockmap. A disconnected socket remaining in a sockmap breaks sockmap's assumptions. And gives rise to WARNs. 3. connect() transitioning SS_CONNECTED -> SS_UNCONNECTED allows for a transport change/drop after TCP_ESTABLISHED. Which poses a problem for any simultaneous sendmsg() or connect() and may result in a use-after-free/null-ptr-deref. Do not disconnect socket on si
vsock: Ignore signal/timeout on connect() if already established
In the Linux kernel, the following vulnerability has been resolved: v ...
In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect() if already established During connect(), acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect() invoking vsock_transport_cancel_pkt() -> virtio_transport_purge_skbs() may race with sendmsg() invoking virtio_transport_get_credit(). This results in a permanently elevated `vvs->bytes_unsent`. Which, in turn, confuses the SOCK_LINGER handling. 2. connect() resetting a connected socket's state may race with socket being placed in a sockmap. A disconnected socket remaining in a sockmap breaks sockmap's assumptions. And gives rise to WARNs. 3. connect() transitioning SS_CONNECTED -> SS_UNCONNECTED allows for a transport change/drop after TCP_ESTABLISHED. Which poses a problem for any simultaneous sendmsg() or connect() and may result in a use-after-free/null-ptr-deref. Do not disconnect socket on...