Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:22854

Опубликовано: 14 дек. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: cifs: Fix oops due to uninitialised variable (CVE-2025-38737)

  • kernel: can: j1939: implement NETDEV_UNREGISTER notification handler (CVE-2025-39925)

  • kernel: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (CVE-2025-39982)

  • kernel: Bluetooth: MGMT: Fix possible UAFs (CVE-2025-39981)

  • kernel: net/mlx5: fs, fix UAF in flow counter release (CVE-2025-39979)

  • kernel: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue (CVE-2025-39983)

  • kernel: io_uring/waitid: always prune wait queue entry in io_waitid_wait() (CVE-2025-40047)

  • kernel: iommu/vt-d: Disallow dirty tracking if incoherent page walk (CVE-2025-40058)

  • kernel: ice: ice_adapter: release xa entry on adapter allocation failure (CVE-2025-40185)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 10

НаименованиеАрхитектураРелизRPM
kernelx86_64124.20.1.el10_1kernel-6.12.0-124.20.1.el10_1.x86_64.rpm
kernel-abi-stablelistsnoarch124.20.1.el10_1kernel-abi-stablelists-6.12.0-124.20.1.el10_1.noarch.rpm
kernel-abi-stablelistsnoarch124.20.1.el10_1kernel-abi-stablelists-6.12.0-124.20.1.el10_1.noarch.rpm
kernel-abi-stablelistsnoarch124.20.1.el10_1kernel-abi-stablelists-6.12.0-124.20.1.el10_1.noarch.rpm
kernel-abi-stablelistsnoarch124.20.1.el10_1kernel-abi-stablelists-6.12.0-124.20.1.el10_1.noarch.rpm
kernel-corex86_64124.20.1.el10_1kernel-core-6.12.0-124.20.1.el10_1.x86_64.rpm
kernel-debugx86_64124.20.1.el10_1kernel-debug-6.12.0-124.20.1.el10_1.x86_64.rpm
kernel-debug-corex86_64124.20.1.el10_1kernel-debug-core-6.12.0-124.20.1.el10_1.x86_64.rpm
kernel-debuginfo-common-x86_64x86_64124.20.1.el10_1kernel-debuginfo-common-x86_64-6.12.0-124.20.1.el10_1.x86_64.rpm
kernel-debug-modulesx86_64124.20.1.el10_1kernel-debug-modules-6.12.0-124.20.1.el10_1.x86_64.rpm

Показывать по

Связанные CVE

CVE-2025-38737
CVE-2025-39925
CVE-2025-39979
CVE-2025-39981
CVE-2025-39982
CVE-2025-39983
CVE-2025-40047
CVE-2025-40058
CVE-2025-40185

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2025-22854

oracle-oval
20 дней назад

ELSA-2025-22854: kernel security update (MODERATE)

ubuntu логотип

CVE-2025-38737

CVSS3: 5.5
ubuntu
4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uninitialised variable Fix smb3_init_transform_rq() to initialise buffer to NULL before calling netfs_alloc_folioq_buffer() as netfs assumes it can append to the buffer it is given. Setting it to NULL means it should start a fresh buffer, but the value is currently undefined.

redhat логотип

CVE-2025-38737

CVSS3: 7
redhat
4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uninitialised variable Fix smb3_init_transform_rq() to initialise buffer to NULL before calling netfs_alloc_folioq_buffer() as netfs assumes it can append to the buffer it is given. Setting it to NULL means it should start a fresh buffer, but the value is currently undefined.

nvd логотип

CVE-2025-38737

CVSS3: 5.5
nvd
4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uninitialised variable Fix smb3_init_transform_rq() to initialise buffer to NULL before calling netfs_alloc_folioq_buffer() as netfs assumes it can append to the buffer it is given. Setting it to NULL means it should start a fresh buffer, but the value is currently undefined.

debian логотип

CVE-2025-38737

CVSS3: 5.5
debian
4 месяца назад

In the Linux kernel, the following vulnerability has been resolved: c ...