Описание
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
-
kernel: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (CVE-2024-26766)
-
kernel: RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem (CVE-2025-38022)
-
kernel: Linux kernel: RDMA/rxe use-after-free vulnerability leading to potential arbitrary code execution (CVE-2025-38024)
-
kernel: Linux kernel: Memory corruption in Squashfs due to incorrect block size calculation (CVE-2025-38415)
-
kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion (CVE-2025-38459)
-
kernel: Linux kernel: Denial of Service via out-of-bounds read in USB configuration parsing (CVE-2025-39760)
-
kernel: mptcp: fix race condition in mptcp_schedule_work() (CVE-2025-40258)
-
kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service. (CVE-2025-40271)
-
kernel: Linux kernel: Information disclosure and denial of service via out-of-bounds read in font glyph handling (CVE-2025-40322)
-
kernel: tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (CVE-2022-50865)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Затронутые продукты
Rocky Linux 8
Ссылки на источники
Исправления
- Red Hat - 2273187
- Red Hat - 2373326
- Red Hat - 2373354
- Red Hat - 2383404
- Red Hat - 2383487
- Red Hat - 2394601
- Red Hat - 2418876
- Red Hat - 2419837
- Red Hat - 2419902
- Red Hat - 2426226
Связанные уязвимости
In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcp_add_backlog() The type of sk_rcvbuf and sk_sndbuf in struct sock is int, and in tcp_add_backlog(), the variable limit is caculated by adding sk_rcvbuf, sk_sndbuf and 64 * 1024, it may exceed the max value of int and overflow. This patch reduces the limit budget by halving the sndbuf to solve this issue since ACK packets are much smaller than the payload.
In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcp_add_backlog() The type of sk_rcvbuf and sk_sndbuf in struct sock is int, and in tcp_add_backlog(), the variable limit is caculated by adding sk_rcvbuf, sk_sndbuf and 64 * 1024, it may exceed the max value of int and overflow. This patch reduces the limit budget by halving the sndbuf to solve this issue since ACK packets are much smaller than the payload.
In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcp_add_backlog() The type of sk_rcvbuf and sk_sndbuf in struct sock is int, and in tcp_add_backlog(), the variable limit is caculated by adding sk_rcvbuf, sk_sndbuf and 64 * 1024, it may exceed the max value of int and overflow. This patch reduces the limit budget by halving the sndbuf to solve this issue since ACK packets are much smaller than the payload.
In the Linux kernel, the following vulnerability has been resolved: t ...