exploitDog

RLSA-2025:16919

Published: 06 Oct 2025
Source: rocky
Severity: Moderate

Description

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: nfsd: don't ignore the return code of svc_proc_register() (CVE-2025-22026)

  • kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling (CVE-2025-37797)

  • kernel: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (CVE-2022-50087)

  • kernel: sctp: linearize cloned gso packets in sctp_rcv (CVE-2025-38718)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
|---|---|---|---|
| bpftool | x86_64 | 553.77.1.el8_10 | bpftool-4.18.0-553.77.1.el8_10.x86_64.rpm |
| kernel | x86_64 | 553.77.1.el8_10 | kernel-4.18.0-553.77.1.el8_10.x86_64.rpm |
| kernel-abi-stablelists | noarch | 553.77.1.el8_10 | kernel-abi-stablelists-4.18.0-553.77.1.el8_10.noarch.rpm |
| kernel-core | x86_64 | 553.77.1.el8_10 | kernel-core-4.18.0-553.77.1.el8_10.x86_64.rpm |
| kernel-debug | x86_64 | 553.77.1.el8_10 | kernel-debug-4.18.0-553.77.1.el8_10.x86_64.rpm |
| kernel-debug-core | x86_64 | 553.77.1.el8_10 | kernel-debug-core-4.18.0-553.77.1.el8_10.x86_64.rpm |
| kernel-debug-devel | x86_64 | 553.77.1.el8_10 | kernel-debug-devel-4.18.0-553.77.1.el8_10.x86_64.rpm |
| kernel-debuginfo-common-x86_64 | x86_64 | 553.77.1.el8_10 | kernel-debuginfo-common-x86_64-4.18.0-553.77.1.el8_10.x86_64.rpm |
| kernel-debug-modules | x86_64 | 553.77.1.el8_10 | kernel-debug-modules-4.18.0-553.77.1.el8_10.x86_64.rpm |
| kernel-debug-modules-extra | x86_64 | 553.77.1.el8_10 | kernel-debug-modules-extra-4.18.0-553.77.1.el8_10.x86_64.rpm |

Related vulnerabilities

oracle-oval
about 1 month ago

ELSA-2025-16919: kernel security update (MODERATE)

oracle-oval
16 days ago

ELSA-2025-18281: kernel security update (MODERATE)

ubuntu
5 months ago

In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails

When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If it is not taken care, then it could result use-after-free as the value is exported via get_scpi_ops() and could refer to a memory allocated via devm_kzalloc() but freed when the probe fails.

CVSS3: 7
redhat
5 months ago

In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails

When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If it is not taken care, then it could result use-after-free as the value is exported via get_scpi_ops() and could refer to a memory allocated via devm_kzalloc() but freed when the probe fails.

nvd
5 months ago

In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails

When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If it is not taken care, then it could result use-after-free as the value is exported via get_scpi_ops() and could refer to a memory allocated via devm_kzalloc() but freed when the probe fails.