Описание
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
-
kernel: Linux kernel: Use-after-free in device mapper due to race condition in zone reporting (CVE-2025-38141)
-
kernel: Linux kernel use-after-free in eventpoll (CVE-2025-38349)
-
kernel: drm/xe: Fix vm_bind_ioctl double free bug (CVE-2025-38731)
-
kernel: Linux kernel: vsock vulnerability may lead to memory corruption (CVE-2025-40248)
-
kernel: mptcp: fix race condition in mptcp_schedule_work() (CVE-2025-40258)
-
kernel: Linux kernel: Out-of-bounds write in Bluetooth MGMT can lead to information disclosure and denial of service (CVE-2025-40294)
-
kernel: net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301)
-
kernel: Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (CVE-2025-68305)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Затронутые продукты
Rocky Linux 9
Ссылки на источники
Исправления
- Red Hat - 2376052
- Red Hat - 2381870
- Red Hat - 2393488
- Red Hat - 2418872
- Red Hat - 2418876
- Red Hat - 2419891
- Red Hat - 2422836
- Red Hat - 2422840
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: dm: fix dm_blk_report_zones If dm_get_live_table() returned NULL, dm_put_live_table() was never called. Also, it is possible that md->zone_revalidate_map will change while calling this function. Only read it once, so that we are always using the same value. Otherwise we might miss a call to dm_put_live_table(). Finally, while md->zone_revalidate_map is set and a process is calling blk_revalidate_disk_zones() to set up the zone append emulation resources, it is possible that another process, perhaps triggered by blkdev_report_zones_ioctl(), will call dm_blk_report_zones(). If blk_revalidate_disk_zones() fails, these resources can be freed while the other process is still using them, causing a use-after-free error. blk_revalidate_disk_zones() will only ever be called when initially setting up the zone append emulation resources, such as when setting up a zoned dm-crypt table for the first time. Further table swaps wil...
In the Linux kernel, the following vulnerability has been resolved: dm: fix dm_blk_report_zones If dm_get_live_table() returned NULL, dm_put_live_table() was never called. Also, it is possible that md->zone_revalidate_map will change while calling this function. Only read it once, so that we are always using the same value. Otherwise we might miss a call to dm_put_live_table(). Finally, while md->zone_revalidate_map is set and a process is calling blk_revalidate_disk_zones() to set up the zone append emulation resources, it is possible that another process, perhaps triggered by blkdev_report_zones_ioctl(), will call dm_blk_report_zones(). If blk_revalidate_disk_zones() fails, these resources can be freed while the other process is still using them, causing a use-after-free error. blk_revalidate_disk_zones() will only ever be called when initially setting up the zone append emulation resources, such as when setting up a zoned dm-crypt table for the first time. Further table swaps wil...