Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:17776

Опубликовано: 18 окт. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556)

  • kernel: wifi: ath12k: Decrement TID on RX peer frag setup error handling (CVE-2025-39761)

  • kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors (CVE-2025-39757)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 10

НаименованиеАрхитектураРелизRPM
kernelx86_6455.39.1.el10_0kernel-6.12.0-55.39.1.el10_0.x86_64.rpm
kernel-abi-stablelistsnoarch55.39.1.el10_0kernel-abi-stablelists-6.12.0-55.39.1.el10_0.noarch.rpm
kernel-corex86_6455.39.1.el10_0kernel-core-6.12.0-55.39.1.el10_0.x86_64.rpm
kernel-debugx86_6455.39.1.el10_0kernel-debug-6.12.0-55.39.1.el10_0.x86_64.rpm
kernel-debug-corex86_6455.39.1.el10_0kernel-debug-core-6.12.0-55.39.1.el10_0.x86_64.rpm
kernel-debuginfo-common-x86_64x86_6455.39.1.el10_0kernel-debuginfo-common-x86_64-6.12.0-55.39.1.el10_0.x86_64.rpm
kernel-debug-modulesx86_6455.39.1.el10_0kernel-debug-modules-6.12.0-55.39.1.el10_0.x86_64.rpm
kernel-debug-modules-corex86_6455.39.1.el10_0kernel-debug-modules-core-6.12.0-55.39.1.el10_0.x86_64.rpm
kernel-debug-modules-extrax86_6455.39.1.el10_0kernel-debug-modules-extra-6.12.0-55.39.1.el10_0.x86_64.rpm
kernel-debug-uki-virtx86_6455.39.1.el10_0kernel-debug-uki-virt-6.12.0-55.39.1.el10_0.x86_64.rpm

Показывать по

Связанные CVE

CVE-2025-38556
CVE-2025-39757
CVE-2025-39761

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2025-17776

oracle-oval
23 дня назад

ELSA-2025-17776: kernel security update (MODERATE)

oracle-oval логотип

ELSA-2025-17760

oracle-oval
23 дня назад

ELSA-2025-17760: kernel security update (MODERATE)

ubuntu логотип

CVE-2025-38556

ubuntu
3 месяца назад

In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should never occur, but there are buggy devices and some might have a report field with size set to zero; we shouldn't reject the report or the device just because of that. Instead, harden the s32ton() routine so that it returns a reasonable result instead of crashing when it is called with the number of bits set to 0 -- the same as what snto32() does.

redhat логотип

CVE-2025-38556

CVSS3: 7.1
redhat
3 месяца назад

In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should never occur, but there are buggy devices and some might have a report field with size set to zero; we shouldn't reject the report or the device just because of that. Instead, harden the s32ton() routine so that it returns a reasonable result instead of crashing when it is called with the number of bits set to 0 -- the same as what snto32() does.

nvd логотип

CVE-2025-38556

nvd
3 месяца назад

In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should never occur, but there are buggy devices and some might have a report field with size set to zero; we shouldn't reject the report or the device just because of that. Instead, harden the s32ton() routine so that it returns a reasonable result instead of crashing when it is called with the number of bits set to 0 -- the same as what snto32() does.