Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2026:2722

Опубликовано: 24 фев. 2026
Источник: rocky
Оценка: Moderate

Описание

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (CVE-2023-53034)

  • kernel: smc: Fix use-after-free in __pnet_find_base_ndev() (CVE-2025-40064)

  • kernel: Linux kernel: Out-of-bounds write in fbdev can lead to privilege escalation, information disclosure, or denial of service. (CVE-2025-40304)

  • kernel: Linux kernel: Information disclosure and denial of service via out-of-bounds read in font glyph handling (CVE-2025-40322)

  • kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349)

  • kernel: svcrdma: use rc_pageoff for memcpy byte offset (CVE-2025-68811)

  • kernel: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CVE-2026-22998)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
kernelx86_64611.34.1.el9_7kernel-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-abi-stablelistsnoarch611.34.1.el9_7kernel-abi-stablelists-5.14.0-611.34.1.el9_7.noarch.rpm
kernel-corex86_64611.34.1.el9_7kernel-core-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-debugx86_64611.34.1.el9_7kernel-debug-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-debug-corex86_64611.34.1.el9_7kernel-debug-core-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-debuginfo-common-x86_64x86_64611.34.1.el9_7kernel-debuginfo-common-x86_64-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-debug-modulesx86_64611.34.1.el9_7kernel-debug-modules-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-debug-modules-corex86_64611.34.1.el9_7kernel-debug-modules-core-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-debug-modules-extrax86_64611.34.1.el9_7kernel-debug-modules-extra-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-debug-uki-virtx86_64611.34.1.el9_7kernel-debug-uki-virt-5.14.0-611.34.1.el9_7.x86_64.rpm

Показывать по

Связанные CVE

CVE-2023-53034
CVE-2025-40064
CVE-2025-40304
CVE-2025-40322
CVE-2025-68349
CVE-2025-68811
CVE-2026-22998

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2026-2722

oracle-oval
около 1 месяца назад

ELSA-2026-2722: kernel security update (MODERATE)

rocky логотип

RLSA-2026:2721

rocky
30 дней назад

Moderate: kernel security update

oracle-oval логотип

ELSA-2026-2721

oracle-oval
около 1 месяца назад

ELSA-2026-2721: kernel security update (MODERATE)

ubuntu логотип

CVE-2023-53034

CVSS3: 7.1
ubuntu
11 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans There is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and size. This would make xlate_pos negative. [ 23.734156] switchtec switchtec0: MW 0: part 0 addr 0x0000000000000000 size 0x0000000000000000 [ 23.734158] ================================================================================ [ 23.734172] UBSAN: shift-out-of-bounds in drivers/ntb/hw/mscc/ntb_hw_switchtec.c:293:7 [ 23.734418] shift exponent -1 is negative Ensuring xlate_pos is a positive or zero before BIT.

redhat логотип

CVE-2023-53034

CVSS3: 6
redhat
11 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans There is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and size. This would make xlate_pos negative. [ 23.734156] switchtec switchtec0: MW 0: part 0 addr 0x0000000000000000 size 0x0000000000000000 [ 23.734158] ================================================================================ [ 23.734172] UBSAN: shift-out-of-bounds in drivers/ntb/hw/mscc/ntb_hw_switchtec.c:293:7 [ 23.734418] shift exponent -1 is negative Ensuring xlate_pos is a positive or zero before BIT.