RLSA-2025:18297

Published: 26 Oct 2025
Source: rocky
Rating: Moderate

Description

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors (CVE-2025-39757)

  • kernel: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (CVE-2025-39751)

  • kernel: crypto: seqiv - Handle EBUSY correctly (CVE-2023-53373)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

  • Rocky Linux 8

| Name | Architecture | Release | RPM |
| --- | --- | --- | --- |
| bpftool | x86_64 | 553.80.1.el8_10 | bpftool-4.18.0-553.80.1.el8_10.x86_64.rpm |
| kernel | x86_64 | 553.80.1.el8_10 | kernel-4.18.0-553.80.1.el8_10.x86_64.rpm |
| kernel-abi-stablelists | noarch | 553.80.1.el8_10 | kernel-abi-stablelists-4.18.0-553.80.1.el8_10.noarch.rpm |
| kernel-core | x86_64 | 553.80.1.el8_10 | kernel-core-4.18.0-553.80.1.el8_10.x86_64.rpm |
| kernel-debug | x86_64 | 553.80.1.el8_10 | kernel-debug-4.18.0-553.80.1.el8_10.x86_64.rpm |
| kernel-debug-core | x86_64 | 553.80.1.el8_10 | kernel-debug-core-4.18.0-553.80.1.el8_10.x86_64.rpm |
| kernel-debug-devel | x86_64 | 553.80.1.el8_10 | kernel-debug-devel-4.18.0-553.80.1.el8_10.x86_64.rpm |
| kernel-debuginfo-common-x86_64 | x86_64 | 553.80.1.el8_10 | kernel-debuginfo-common-x86_64-4.18.0-553.80.1.el8_10.x86_64.rpm |
| kernel-debug-modules | x86_64 | 553.80.1.el8_10 | kernel-debug-modules-4.18.0-553.80.1.el8_10.x86_64.rpm |
| kernel-debug-modules-extra | x86_64 | 553.80.1.el8_10 | kernel-debug-modules-extra-4.18.0-553.80.1.el8_10.x86_64.rpm |

Related vulnerabilities

oracle-oval
16 days ago

ELSA-2025-18297: kernel security update (MODERATE)

oracle-oval
23 days ago

ELSA-2025-17760: kernel security update (MODERATE)

ubuntu
about 2 months ago

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly. As it is, seqiv only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify MAY_BACKLOG, we also need to expect EBUSY and treat it in the same way. Otherwise backlogged requests will trigger a use-after-free.

CVSS3: 7
redhat
about 2 months ago

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly. As it is, seqiv only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify MAY_BACKLOG, we also need to expect EBUSY and treat it in the same way. Otherwise backlogged requests will trigger a use-after-free.

nvd
about 2 months ago

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Handle EBUSY correctly. As it is, seqiv only handles the special return value of EINPROGRESS, which means that in all other cases it will free data related to the request. However, as the caller of seqiv may specify MAY_BACKLOG, we also need to expect EBUSY and treat it in the same way. Otherwise backlogged requests will trigger a use-after-free.