Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:11298

Опубликовано: 29 июл. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: cifs: potential buffer overflow in handling symlinks (CVE-2022-49058)

  • kernel: media: uvcvideo: Remove dangling pointers (CVE-2024-58002)

  • kernel: media: uvcvideo: Fix double free in error path (CVE-2024-57980)

  • kernel: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (CVE-2025-21991)

  • kernel: net: atm: fix use after free in lec_send() (CVE-2025-22004)

  • kernel: ext4: fix off-by-one error in do_split (CVE-2025-23150)

  • kernel: ext4: ignore xattrs past end (CVE-2025-37738)

  • kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (CVE-2022-49788)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
bpftoolx86_64553.62.1.el8_10bpftool-4.18.0-553.62.1.el8_10.x86_64.rpm
kernelx86_64553.62.1.el8_10kernel-4.18.0-553.62.1.el8_10.x86_64.rpm
kernel-abi-stablelistsnoarch553.62.1.el8_10kernel-abi-stablelists-4.18.0-553.62.1.el8_10.noarch.rpm
kernel-corex86_64553.62.1.el8_10kernel-core-4.18.0-553.62.1.el8_10.x86_64.rpm
kernel-cross-headersx86_64553.62.1.el8_10kernel-cross-headers-4.18.0-553.62.1.el8_10.x86_64.rpm
kernel-debugx86_64553.62.1.el8_10kernel-debug-4.18.0-553.62.1.el8_10.x86_64.rpm
kernel-debug-corex86_64553.62.1.el8_10kernel-debug-core-4.18.0-553.62.1.el8_10.x86_64.rpm
kernel-debug-develx86_64553.62.1.el8_10kernel-debug-devel-4.18.0-553.62.1.el8_10.x86_64.rpm
kernel-debuginfo-common-x86_64x86_64553.62.1.el8_10kernel-debuginfo-common-x86_64-4.18.0-553.62.1.el8_10.x86_64.rpm
kernel-debug-modulesx86_64553.62.1.el8_10kernel-debug-modules-4.18.0-553.62.1.el8_10.x86_64.rpm

Показывать по

Связанные CVE

CVE-2022-49058
CVE-2022-49788
CVE-2024-57980
CVE-2024-58002
CVE-2025-21991
CVE-2025-22004
CVE-2025-23150
CVE-2025-37738

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2025-11298

oracle-oval
20 дней назад

ELSA-2025-11298: kernel security update (MODERATE)

ubuntu логотип

CVE-2022-49058

CVSS3: 7.8
ubuntu
5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: __memcpy() 'dctx->buf' too small (16 vs u32max) It's caused because Smatch marks 'link_len' as untrusted since it comes from sscanf(). Add a check to ensure that 'link_len' is not larger than the size of the 'link_str' buffer.

redhat логотип

CVE-2022-49058

CVSS3: 7
redhat
5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: __memcpy() 'dctx->buf' too small (16 vs u32max) It's caused because Smatch marks 'link_len' as untrusted since it comes from sscanf(). Add a check to ensure that 'link_len' is not larger than the size of the 'link_str' buffer.

nvd логотип

CVE-2022-49058

CVSS3: 7.8
nvd
5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: __memcpy() 'dctx->buf' too small (16 vs u32max) It's caused because Smatch marks 'link_len' as untrusted since it comes from sscanf(). Add a check to ensure that 'link_len' is not larger than the size of the 'link_str' buffer.

debian логотип

CVE-2022-49058

CVSS3: 7.8
debian
5 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: c ...