Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:12662

Опубликовано: 03 окт. 2025
Источник: rocky
Оценка: Important

Описание

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: padata: fix UAF in padata_reorder (CVE-2025-21727)

  • kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CVE-2025-21928)

  • kernel: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() (CVE-2025-21929)

  • kernel: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (CVE-2025-22020)

  • kernel: ext4: avoid journaling sb update on error if journal is destroying (CVE-2025-22113)

  • kernel: RDMA/core: Fix use-after-free when rename device name (CVE-2025-22085)

  • kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CVE-2025-37890)

  • kernel: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done (CVE-2025-38052)

  • kernel: net: ch9200: fix uninitialised access during mii_nway_restart (CVE-2025-38086)

  • kernel: net/sched: fix use-after-free in taprio_dev_notifier (CVE-2025-38087)

  • kernel: nvme-tcp: sanitize request list handling (CVE-2025-38264)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 10

НаименованиеАрхитектураРелизRPM
kernelx86_6455.25.1.el10_0kernel-6.12.0-55.25.1.el10_0.x86_64.rpm
kernel-abi-stablelistsnoarch55.25.1.el10_0kernel-abi-stablelists-6.12.0-55.25.1.el10_0.noarch.rpm
kernel-corex86_6455.25.1.el10_0kernel-core-6.12.0-55.25.1.el10_0.x86_64.rpm
kernel-debugx86_6455.25.1.el10_0kernel-debug-6.12.0-55.25.1.el10_0.x86_64.rpm
kernel-debug-corex86_6455.25.1.el10_0kernel-debug-core-6.12.0-55.25.1.el10_0.x86_64.rpm
kernel-debuginfo-common-x86_64x86_6455.25.1.el10_0kernel-debuginfo-common-x86_64-6.12.0-55.25.1.el10_0.x86_64.rpm
kernel-debug-modulesx86_6455.25.1.el10_0kernel-debug-modules-6.12.0-55.25.1.el10_0.x86_64.rpm
kernel-debug-modules-corex86_6455.25.1.el10_0kernel-debug-modules-core-6.12.0-55.25.1.el10_0.x86_64.rpm
kernel-debug-modules-extrax86_6455.25.1.el10_0kernel-debug-modules-extra-6.12.0-55.25.1.el10_0.x86_64.rpm
kernel-debug-uki-virtx86_6455.25.1.el10_0kernel-debug-uki-virt-6.12.0-55.25.1.el10_0.x86_64.rpm

Показывать по

Связанные CVE

CVE-2025-21727
CVE-2025-21928
CVE-2025-21929
CVE-2025-22020
CVE-2025-22085
CVE-2025-22113
CVE-2025-37890
CVE-2025-38052
CVE-2025-38086
CVE-2025-38087
CVE-2025-38264

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2025-12662

oracle-oval
3 месяца назад

ELSA-2025-12662: kernel security update (IMPORTANT)

oracle-oval логотип

ELSA-2025-12746

oracle-oval
3 месяца назад

ELSA-2025-12746: kernel security update (IMPORTANT)

ubuntu логотип

CVE-2025-21727

CVSS3: 7.8
ubuntu
8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: padata: fix UAF in padata_reorder A bug was found when run ltp test: BUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0 Read of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206 CPU: 0 PID: 3039206 Comm: kworker/u113:2 Kdump: loaded Not tainted 6.6.0+ Workqueue: pdecrypt_parallel padata_parallel_worker Call Trace: <TASK> dump_stack_lvl+0x32/0x50 print_address_description.constprop.0+0x6b/0x3d0 print_report+0xdd/0x2c0 kasan_report+0xa5/0xd0 padata_find_next+0x29/0x1a0 padata_reorder+0x131/0x220 padata_parallel_worker+0x3d/0xc0 process_one_work+0x2ec/0x5a0 If 'mdelay(10)' is added before calling 'padata_find_next' in the 'padata_reorder' function, this issue could be reproduced easily with ltp test (pcrypt_aead01). This can be explained as bellow: pcrypt_aead_encrypt ... padata_do_parallel refcount_inc(&pd->refcnt); // add refcnt ... padata_do_serial padata_reorder // pd while (1) { padata_fin...

redhat логотип

CVE-2025-21727

CVSS3: 7
redhat
8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: padata: fix UAF in padata_reorder A bug was found when run ltp test: BUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0 Read of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206 CPU: 0 PID: 3039206 Comm: kworker/u113:2 Kdump: loaded Not tainted 6.6.0+ Workqueue: pdecrypt_parallel padata_parallel_worker Call Trace: <TASK> dump_stack_lvl+0x32/0x50 print_address_description.constprop.0+0x6b/0x3d0 print_report+0xdd/0x2c0 kasan_report+0xa5/0xd0 padata_find_next+0x29/0x1a0 padata_reorder+0x131/0x220 padata_parallel_worker+0x3d/0xc0 process_one_work+0x2ec/0x5a0 If 'mdelay(10)' is added before calling 'padata_find_next' in the 'padata_reorder' function, this issue could be reproduced easily with ltp test (pcrypt_aead01). This can be explained as bellow: pcrypt_aead_encrypt ... padata_do_parallel refcount_inc(&pd->refcnt); // add refcnt ... padata_do_serial padata_reorder // pd while (1) { padata_fin...

nvd логотип

CVE-2025-21727

CVSS3: 7.8
nvd
8 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: padata: fix UAF in padata_reorder A bug was found when run ltp test: BUG: KASAN: slab-use-after-free in padata_find_next+0x29/0x1a0 Read of size 4 at addr ffff88bbfe003524 by task kworker/u113:2/3039206 CPU: 0 PID: 3039206 Comm: kworker/u113:2 Kdump: loaded Not tainted 6.6.0+ Workqueue: pdecrypt_parallel padata_parallel_worker Call Trace: <TASK> dump_stack_lvl+0x32/0x50 print_address_description.constprop.0+0x6b/0x3d0 print_report+0xdd/0x2c0 kasan_report+0xa5/0xd0 padata_find_next+0x29/0x1a0 padata_reorder+0x131/0x220 padata_parallel_worker+0x3d/0xc0 process_one_work+0x2ec/0x5a0 If 'mdelay(10)' is added before calling 'padata_find_next' in the 'padata_reorder' function, this issue could be reproduced easily with ltp test (pcrypt_aead01). This can be explained as bellow: pcrypt_aead_encrypt ... padata_do_parallel refcount_inc(&pd->refcnt); // add refcnt ... padata_do_serial padata_reorder // pd while (1) { padata