Description
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
- kernel: media: uvcvideo: Remove dangling pointers (CVE-2024-58002)
- kernel: media: uvcvideo: Fix double free in error path (CVE-2024-57980)
- kernel: wifi: iwlwifi: limit printed string from FW file (CVE-2025-21905)
- kernel: mm/huge_memory: fix dereferencing invalid pmd migration entry (CVE-2025-37958)
- kernel: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (CVE-2025-38089)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected products
Rocky Linux 10
References
Fixes
- Red Hat - 2348513
- Red Hat - 2348599
- Red Hat - 2356613
- Red Hat - 2367572
- Red Hat - 2375529
Related vulnerabilities
In the Linux kernel, the following vulnerability has been resolved:

media: uvcvideo: Fix double free in error path

If the uvc_status_init() function fails to allocate the int_urb, it will free the dev->status pointer but doesn't reset the pointer to NULL. This results in the kfree() call in uvc_status_cleanup() trying to double-free the memory.

Fix it by resetting the dev->status pointer to NULL after freeing it.

Reviewed by: Ricardo Ribalda <ribalda@chromium.org>
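The error path described above, modeled in userspace C as an added example (not the uvcvideo driver's code). The struct, the single-slot allocator and every `model_*` name are assumptions made for illustration; the `reset_ptr` flag switches between the pre-fix and the fixed behaviour.

```c
#include <stdbool.h>
#include <stdio.h>
/* Userspace model only: all names are hypothetical, not the uvcvideo source. */
struct model_dev {
    void *status;   /* stands in for dev->status */
    void *int_urb;  /* stands in for the interrupt URB */
};

static char pool[16];     /* single-slot "heap", so no real free() is misused */
static bool pool_live;    /* true while the slot is allocated */
static int double_frees;  /* frees seen while the slot was already free */

static void *model_kmalloc(void) { pool_live = true; return pool; }
static void model_kfree(void *p)
{
    if (!p)
        return;                   /* like kfree(NULL): a no-op */
    if (!pool_live)
        double_frees++;           /* the memory was already released */
    pool_live = false;
}

/* Init with the URB allocation failing, as in the described error path. */
static void model_status_init(struct model_dev *dev, bool reset_ptr)
{
    dev->status = model_kmalloc();
    dev->int_urb = NULL;          /* simulated allocation failure */
    model_kfree(dev->status);
    if (reset_ptr)
        dev->status = NULL;       /* the fix: leave no dangling pointer */
}

static void model_status_cleanup(struct model_dev *dev)
{
    model_kfree(dev->int_urb);
    model_kfree(dev->status);     /* second free if status still dangles */
}
/* One failed init followed by cleanup; returns the double frees observed. */
int run_cycle(bool reset_ptr)
{
    struct model_dev dev = { 0 };
    double_frees = 0;
    model_status_init(&dev, reset_ptr);
    model_status_cleanup(&dev);
    return double_frees;
}
int main(void)
{
    printf("no reset: %d, reset: %d\n", run_cycle(false), run_cycle(true));
    return 0;
}
```

Because freeing a NULL pointer is a no-op, clearing the pointer at the point of the first free makes the later cleanup call harmless regardless of which error path was taken.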