kernel-5.14.0-570.28.1.el9_6
エラータID: AXSA:2025-10762:55
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: media: uvcvideo: Remove dangling pointers (CVE-2024-58002)
* kernel: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (CVE-2025-38089)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2024-58002
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Remove dangling pointers When an async control is written, we copy a pointer to the file handle that started the operation. That pointer will be used when the device is done. Which could be anytime in the future. If the user closes that file descriptor, its structure will be freed, and there will be one dangling pointer per pending async control, that the driver will try to use. Clean all the dangling pointers during release(). To avoid adding a performance penalty in the most common case (no async operation), a counter has been introduced with some logic to make sure that it is properly handled.
CVE-2025-38089
In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a way that SVC_GARBAGE is returned without setting the rq_accept_statp pointer, then that pointer can be dereferenced and a value stored there. If it's the first time the thread has processed an RPC, then that pointer will be set to NULL and the kernel will crash. In other cases, it could create a memory scribble. The server sunrpc code treats a SVC_GARBAGE return from svc_authenticate or pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531 says that if authentication fails that the RPC should be rejected instead with a status of AUTH_ERR. Handle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of AUTH_BADCRED instead of returning GARBAGE_ARGS in that case. This sidesteps the whole problem of touching the rpc_accept_statp pointer in this situation and avoids the crash.
Update packages.
N/A
SRPMS
- kernel-5.14.0-570.28.1.el9_6.src.rpm
MD5: 1c9b9fad4c18130d3fa6f786e13186e8
SHA-256: 41411505ded032110d539d5987599a11083a72e64a2703e4bd180728ff5a4d18
Size: 142.50 MB
Asianux Server 9 for x86_64
- kernel-5.14.0-570.28.1.el9_6.x86_64.rpm
MD5: b4d4fdd717b4baeb70861a334618c993
SHA-256: f156d3513123e6dd99888e58f3efe93b9b75933ea03d10050a980aa59eee04d1
Size: 1.78 MB - kernel-abi-stablelists-5.14.0-570.28.1.el9_6.noarch.rpm
MD5: ce4bd1c5c792e2f41d58bc03951d5d7e
SHA-256: 6590687ab538b2053cb4960f4b848b36af0966a9b05d606f45719e0c106a93a6
Size: 1.80 MB - kernel-core-5.14.0-570.28.1.el9_6.x86_64.rpm
MD5: 8a11f4ac6cea1f8d2daa0023c93848a5
SHA-256: f81427aeaed4c5c6d56a86dd42ba43bf26a25852ebfa485753ed051d15a8ba0c
Size: 17.85 MB - kernel-cross-headers-5.14.0-570.28.1.el9_6.x86_64.rpm
MD5: 5c39c0ecb68ca2e428da27a91c0d626a
SHA-256: 2c24086ef18bf997c1b8de0088a05bd2ac7b99d8e76cd8879c24f35c7581efe1
Size: 8.65 MB - kernel-debug-5.14.0-570.28.1.el9_6.x86_64.rpm
MD5: fd73aebd26038949acb7784f3ce3338b
SHA-256: e40cc9ce405bdb2764759a8fe23dc11f79a3b1d9c277f4fddca757032687f159
Size: 1.78 MB - kernel-debug-core-5.14.0-570.28.1.el9_6.x86_64.rpm
MD5: a05ded233b480b3a3dbbd8eba242429d
SHA-256: fd5b6ad5daa3ea392080a6fde8331346b3185452d393ab3c4976b7d33c3a73ed
Size: 31.28 MB - kernel-debug-devel-5.14.0-570.28.1.el9_6.x86_64.rpm
MD5: 35d58ebab906a716fcec1ed8d6214611
SHA-256: bf1fc6bf665eaba95fc0853128f32f9b65b69b3ca691f1415faceba4f1a6e2fa
Size: 21.77 MB - kernel-debug-devel-matched-5.14.0-570.28.1.el9_6.x86_64.rpm
MD5: 632ef3cb6df89f8bbf4ec67a3bb6e730
SHA-256: 97fdb29015bb85f6067fbcc984daaeafa0f8570e52f63cf21e1c8a479a031d46
Size: 1.78 MB - kernel-debug-modules-5.14.0-570.28.1.el9_6.x86_64.rpm
MD5: fe72a9f3604a207be66cdfac6f87a444
SHA-256: 277924669d5ba47f3744af2628213f3891cdd22bfe56e44ad8100a9de7a7d0de
Size: 67.38 MB - kernel-debug-modules-core-5.14.0-570.28.1.el9_6.x86_64.rpm
MD5: b1ec2ce336037f8ea2512b13282ca5fe
SHA-256: 0d76be63524410976a72fac5b1feb4e1d4b1bed10bfd7bf0abf9ccd93f603876
Size: 48.90 MB - kernel-debug-modules-extra-5.14.0-570.28.1.el9_6.x86_64.rpm
MD5: a412b09178e23483d26d84b178b81269
SHA-256: 2f32ac85643ad863d84a32311087f241a81a89e7225076465abf7a666174318a
Size: 2.55 MB - kernel-debug-uki-virt-5.14.0-570.28.1.el9_6.x86_64.rpm
MD5: 9539d007e9a39c5ac985d6631128e50d
SHA-256: 0da3affbe12eb138b896f1329c144cb100d87284cb9c2ce735cc71ae5e543b22
Size: 84.36 MB - kernel-devel-5.14.0-570.28.1.el9_6.x86_64.rpm
MD5: 238ada35867a42eec86b3b909412d243
SHA-256: d547c3f09154c43110ac0bbe33320e25cf89c406fbfa26e20b569b7b1a0f978f
Size: 21.60 MB - kernel-devel-matched-5.14.0-570.28.1.el9_6.x86_64.rpm
MD5: 8e22718263cdd878eaf47694ed5ff49d
SHA-256: 58de67af10a01300595a352f5658659bddf02f80736df09012eda8f7aa590b9d
Size: 1.78 MB - kernel-doc-5.14.0-570.28.1.el9_6.noarch.rpm
MD5: bc0842f0049e6643be6832664bac5ca1
SHA-256: dec7e59d66a18d04e11b16c5d3b8bd2c38360ac0ad3ce83ffaa314d6bf768c1c
Size: 37.91 MB - kernel-headers-5.14.0-570.28.1.el9_6.x86_64.rpm
MD5: b61d5e020bf9e083beb2c4d1f3db22fd
SHA-256: d2c97fafd3552f414a30456618b8ae2d1124567bf2129fb6d74375e42bd25ed1
Size: 3.52 MB - kernel-modules-5.14.0-570.28.1.el9_6.x86_64.rpm
MD5: 6b19c42eaa1499ac3e522daaf2e72a1b
SHA-256: 19c60a86ba7a471500df71f26f771a9f97d3311b134e95892b0b17a3447fe7ac
Size: 38.96 MB - kernel-modules-core-5.14.0-570.28.1.el9_6.x86_64.rpm
MD5: 736f20b087473800aa16132c019a991a
SHA-256: 9ebb518a9024242cad5af7b3a1d4d69ee8ef1023c63451c05541ccf3e867c515
Size: 30.87 MB - kernel-modules-extra-5.14.0-570.28.1.el9_6.x86_64.rpm
MD5: 8724dd788249a3501d4bc84c0f3173f6
SHA-256: f1f14f702692cce2ea6b1b1211850ffe670438f28892a880d1e645f680796734
Size: 2.20 MB