Description
ELSA-2026-50095: Unbreakable Enterprise kernel security update (IMPORTANT)
[5.15.0-316.196.4.2]
- xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added (Sabrina Dubroca)
- usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE (Gopi Krishna Menon)
- ext4: clear i_state_flags when alloc inode (Haibo Chen)
- ext4: align max orphan file size with e2fsprogs limit (Baokun Li)
- PM: runtime: Do not clear needs_force_resume with enabled runtime PM (Rafael J. Wysocki)
- net: enetc: fix build warning when PAGE_SIZE is greater than 128K (Wei Fang)
- net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (Xiang Mei)
- block: fix comment for op_is_zone_mgmt() to include RESET_ALL (shechenglong)
- fuse: fix readahead reclaim deadlock (Joanne Koong)
- i40e: validate ring_len parameter against hardware-specific values (Gregory Herrero)
- fs/ntfs3: fix mount failure for sparse runs in run_unpack() (Konstantin Komarov)
- xfrm: delete x->tunnel as we delete x (Sabrina Dubroca) [Orabug: 38933003] {CVE-2025-40215}
- mptcp: fix race condition in mptcp_schedule_work() (Eric Dumazet) [Orabug: 38932997] {CVE-2025-40258}
- mlx5: Fix default values in create CQ (Akiva Goldberger) [Orabug: 38932992]
- sunrpc: fix handling of server side tls alerts (Olga Kornievskaia) [Orabug: 38932991] {CVE-2025-38566}
- sunrpc: fix client side handling of tls alerts (Olga Kornievskaia) [Orabug: 38932988] {CVE-2025-38571}
Updated packages
Oracle Linux 8
Oracle Linux aarch64
bpftool 5.15.0-316.196.4.2.el8uek
kernel-uek 5.15.0-316.196.4.2.el8uek
kernel-uek-container 5.15.0-316.196.4.2.el8uek
kernel-uek-container-debug 5.15.0-316.196.4.2.el8uek
kernel-uek-core 5.15.0-316.196.4.2.el8uek
kernel-uek-debug 5.15.0-316.196.4.2.el8uek
kernel-uek-debug-core 5.15.0-316.196.4.2.el8uek
kernel-uek-debug-devel 5.15.0-316.196.4.2.el8uek
kernel-uek-debug-modules 5.15.0-316.196.4.2.el8uek
kernel-uek-debug-modules-extra 5.15.0-316.196.4.2.el8uek
kernel-uek-devel 5.15.0-316.196.4.2.el8uek
kernel-uek-doc 5.15.0-316.196.4.2.el8uek
kernel-uek-modules 5.15.0-316.196.4.2.el8uek
kernel-uek-modules-extra 5.15.0-316.196.4.2.el8uek
Oracle Linux x86_64
bpftool 5.15.0-316.196.4.2.el8uek
kernel-uek 5.15.0-316.196.4.2.el8uek
kernel-uek-container 5.15.0-316.196.4.2.el8uek
kernel-uek-container-debug 5.15.0-316.196.4.2.el8uek
kernel-uek-core 5.15.0-316.196.4.2.el8uek
kernel-uek-debug 5.15.0-316.196.4.2.el8uek
kernel-uek-debug-core 5.15.0-316.196.4.2.el8uek
kernel-uek-debug-devel 5.15.0-316.196.4.2.el8uek
kernel-uek-debug-modules 5.15.0-316.196.4.2.el8uek
kernel-uek-debug-modules-extra 5.15.0-316.196.4.2.el8uek
kernel-uek-devel 5.15.0-316.196.4.2.el8uek
kernel-uek-doc 5.15.0-316.196.4.2.el8uek
kernel-uek-modules 5.15.0-316.196.4.2.el8uek
kernel-uek-modules-extra 5.15.0-316.196.4.2.el8uek
Oracle Linux 9
Oracle Linux aarch64
bpftool 5.15.0-316.196.4.2.el9uek
kernel-uek 5.15.0-316.196.4.2.el9uek
kernel-uek-container 5.15.0-316.196.4.2.el9uek
kernel-uek-container-debug 5.15.0-316.196.4.2.el9uek
kernel-uek-core 5.15.0-316.196.4.2.el9uek
kernel-uek-debug 5.15.0-316.196.4.2.el9uek
kernel-uek-debug-core 5.15.0-316.196.4.2.el9uek
kernel-uek-debug-devel 5.15.0-316.196.4.2.el9uek
kernel-uek-debug-modules 5.15.0-316.196.4.2.el9uek
kernel-uek-debug-modules-extra 5.15.0-316.196.4.2.el9uek
kernel-uek-devel 5.15.0-316.196.4.2.el9uek
kernel-uek-doc 5.15.0-316.196.4.2.el9uek
kernel-uek-modules 5.15.0-316.196.4.2.el9uek
kernel-uek-modules-extra 5.15.0-316.196.4.2.el9uek
kernel-uek64k 5.15.0-316.196.4.2.el9uek
kernel-uek64k-core 5.15.0-316.196.4.2.el9uek
kernel-uek64k-devel 5.15.0-316.196.4.2.el9uek
kernel-uek64k-modules 5.15.0-316.196.4.2.el9uek
kernel-uek64k-modules-extra 5.15.0-316.196.4.2.el9uek
Oracle Linux x86_64
bpftool 5.15.0-316.196.4.2.el9uek
kernel-uek 5.15.0-316.196.4.2.el9uek
kernel-uek-container 5.15.0-316.196.4.2.el9uek
kernel-uek-container-debug 5.15.0-316.196.4.2.el9uek
kernel-uek-core 5.15.0-316.196.4.2.el9uek
kernel-uek-debug 5.15.0-316.196.4.2.el9uek
kernel-uek-debug-core 5.15.0-316.196.4.2.el9uek
kernel-uek-debug-devel 5.15.0-316.196.4.2.el9uek
kernel-uek-debug-modules 5.15.0-316.196.4.2.el9uek
kernel-uek-debug-modules-extra 5.15.0-316.196.4.2.el9uek
kernel-uek-devel 5.15.0-316.196.4.2.el9uek
kernel-uek-doc 5.15.0-316.196.4.2.el9uek
kernel-uek-modules 5.15.0-316.196.4.2.el9uek
kernel-uek-modules-extra 5.15.0-316.196.4.2.el9uek
Source references
Related vulnerabilities
ELSA-2025-20608: Unbreakable Enterprise kernel security update (IMPORTANT)
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts. Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec. kTLS implementation splits TLS non-data record payload between the control message buffer (which includes the type such as TLS alert or TLS cipher change) and the rest of the payload (say TLS alert's level/description) which goes into the msg payload buffer. This patch proposes to rework how control messages are set up and used by sock_recvmsg(). If no control message structure is set up, kTLS layer will read and process TLS data record types. As soon as it encounters a TLS control message, it would return an error. At that point, NFS can set up a kvec backed msg buffer and read in the control message such as a TLS alert. Msg iterator can advance the kvec pointer as a part of the copy process thus we need to revert the iterator...