kernel-5.14.0-503.40.1.el9_5
エラータID: AXSA:2025-9934:30
リリース日:
2025/05/15 Thursday - 10:42
題名:
kernel-5.14.0-503.40.1.el9_5
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- lib/kobject_uevent.c の zap_modalias_env() 関数には、メモリの
範囲外へアクセスしてしまう問題があるため、ローカルの攻撃者により、
kobject を介して、サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2024-42292)
- net/netfilter/ipvs/ip_vs_ctl.c の ip_vs_add_service() 関数には、
ポインタのデリファレンスを正しく行えていない問題があるため、
ローカルの攻撃者により、巧妙に細工された設定を介して、サービス
妨害を可能とする脆弱性が存在します。(CVE-2024-42322)
- drivers/net/bonding/bond_main.c の bond_ipsec_offload_ok() 関数
には、状態のチェック処理の欠落に起因した NULL ポインタデリファレンス
の問題があるため、ローカルの攻撃者により、サービス拒否攻撃を可能
とする脆弱性が存在します。(CVE-2024-44990)
- fs/binfmt_elf.c の load_elf_binary() 関数には、
kernel.randomize_va_space システムパラメーターを 2 度読み取って
しまう問題があるため、ローカルの攻撃者により、ELF バイナリロード中
の kernel.randomize_va_space システムパラメーターの変更を介して、
予測できない影響を与える攻撃を可能とする脆弱性が存在します。
(CVE-2024-46826)
- kernel の NVMe over TCP ドライバには、メモリ領域の範囲外アクセス
の問題があるため、リモートの攻撃者により、情報の漏洩、データ破壊、
およびサービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2025-21927)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-42292
In the Linux kernel, the following vulnerability has been resolved: kobject_uevent: Fix OOB access within zap_modalias_env() zap_modalias_env() wrongly calculates size of memory block to move, so will cause OOB memory access issue if variable MODALIAS is not the last one within its @env parameter, fixed by correcting size to memmove.
In the Linux kernel, the following vulnerability has been resolved: kobject_uevent: Fix OOB access within zap_modalias_env() zap_modalias_env() wrongly calculates size of memory block to move, so will cause OOB memory access issue if variable MODALIAS is not the last one within its @env parameter, fixed by correcting size to memmove.
CVE-2024-42322
In the Linux kernel, the following vulnerability has been resolved: ipvs: properly dereference pe in ip_vs_add_service Use pe directly to resolve sparse warning: net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression
In the Linux kernel, the following vulnerability has been resolved: ipvs: properly dereference pe in ip_vs_add_service Use pe directly to resolve sparse warning: net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression
CVE-2024-44990
In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the pointer.
In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the pointer.
CVE-2024-46826
In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly one load for consistent value across one exec.
In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly one load for consistent value across one exec.
CVE-2025-21927
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() nvme_tcp_recv_pdu() doesn't check the validity of the header length. When header digests are enabled, a target might send a packet with an invalid header length (e.g. 255), causing nvme_tcp_verify_hdgst() to access memory outside the allocated area and cause memory corruptions by overwriting it with the calculated digest. Fix this by rejecting packets with an unexpected header length.
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() nvme_tcp_recv_pdu() doesn't check the validity of the header length. When header digests are enabled, a target might send a packet with an invalid header length (e.g. 255), causing nvme_tcp_verify_hdgst() to access memory outside the allocated area and cause memory corruptions by overwriting it with the calculated digest. Fix this by rejecting packets with an unexpected header length.
追加情報:
N/A
ダウンロード:
SRPMS
- kernel-5.14.0-503.40.1.el9_5.src.rpm
MD5: 65c3d1542fed4e5b999837c9425d45cd
SHA-256: 2999c02e34ebcc2b7821a8ea637032cb31c83d7803ede168c6beacdfd08d76a3
Size: 139.64 MB
Asianux Server 9 for x86_64
- bpftool-7.4.0-503.40.1.el9_5.x86_64.rpm
MD5: 6916e28816b94235a5df2ba0be48d350
SHA-256: 87fe91ec9ab3ba55cbe042ac26a53af775aadb142ac998704eb37c17971ba795
Size: 2.81 MB - kernel-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: 955d420cc6d34de9cede04f18f588378
SHA-256: 1fa7b4bef50df6c6ff6c29275381234c4a1dc83c42bdc10821c80d25a80f0e8c
Size: 2.04 MB - kernel-abi-stablelists-5.14.0-503.40.1.el9_5.noarch.rpm
MD5: b6f9e472f48923ddf7547d1c8149ee84
SHA-256: 7556319853f9e4d1375db0ec332a69e2075d274668d8519aff044a2c59269a3d
Size: 2.06 MB - kernel-core-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: 1c2979f1cd69bf1903d2ee3cac1cad44
SHA-256: 3421afc41f7e82a2ebe68c0c8275c8e58855ae00145b97c0a125a4c84e8a0b5a
Size: 17.67 MB - kernel-cross-headers-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: c563352e88209b701994d456653cc6f2
SHA-256: 9cd05344304ffbdc1bacad57a81dd87983203aca4224550f0679a4369e510492
Size: 8.79 MB - kernel-debug-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: ca97b17494c7048eb3fdc1abede4dcad
SHA-256: 53abdd05c414889d0a08caa4f69ceb2cb63e7ba5b4d85e7d800acb9ffcb9d61b
Size: 2.04 MB - kernel-debug-core-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: 8cd8f76751c83e2b8ca1021241c493a4
SHA-256: 9e9ebb720810f483328d9ccc8ea9e641c3bc5f45025b5d04b370a109abaa9717
Size: 30.73 MB - kernel-debug-devel-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: a9fa29fb742735dc6ec74f717d958c77
SHA-256: ccbadd20eafa68214e77edd272623b752fc602bbfeb5bed9b00af67d0466a01e
Size: 21.77 MB - kernel-debug-devel-matched-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: ed11318de0ce49a09666eb041fcd4096
SHA-256: 72573ec55803e2af3c4585b81ed33e25d62bf443ab326b624a934094b0ac246f
Size: 2.04 MB - kernel-debug-modules-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: fa6bcf92c4ddb56cee12279204487506
SHA-256: 4f52ccc7be22734621c243e59c5e87e64f22d9bcdd11c8c71a8af54f4eca3514
Size: 62.70 MB - kernel-debug-modules-core-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: b8a63ce3bd22410570bb044f3a48d219
SHA-256: 1e25a7ff269e8ae310017c505d74772a4ffb74652abe0b0c8f842d5f23107e2d
Size: 48.01 MB - kernel-debug-modules-extra-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: 206903f407b224c8eeec54c98ed566c8
SHA-256: e06deacd1056fa6107910c075ae07d3bdb13186295865f3a5855687862a12af6
Size: 2.90 MB - kernel-debug-uki-virt-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: 75dad0e49f320ad0a67a17f298eeafc1
SHA-256: 69d2cf9a2a76c6b1ffc97b6dfee43df730d7011d8c0261c1c0f433ff4dbc4d82
Size: 81.31 MB - kernel-devel-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: 3b64edb4b28389f87d7e9623c395d116
SHA-256: 425a31040dc92d741a1b9333eccdb1c5b1bda1d78b7c5569f8666eaaefe58df9
Size: 21.58 MB - kernel-devel-matched-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: cfe42cbde8dbb1ee61d62e719e39ad6a
SHA-256: 52e6a65d5a38e19745c11e265b3fb426a09122e3bc419842b6743af6fa853085
Size: 2.04 MB - kernel-doc-5.14.0-503.40.1.el9_5.noarch.rpm
MD5: 0c80109aaa01acefaaab6505f3bcb82f
SHA-256: 2af1e087d1ee23d341cd90b516e69af28134d2619fba53e52fed5b6607c8d6bb
Size: 37.45 MB - kernel-headers-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: 9d6850259d260b1ca564a18c6f273823
SHA-256: 9c7c1dcc4fe423abf397baccbbb7aa50037ea6fbcd55ce19f83f37d24dd6b8ed
Size: 3.75 MB - kernel-modules-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: 8b7ea63020ab3ca53a9d2193f039d506
SHA-256: 20202fc125da533711cb4886ae15806a882a230ac9b7a046cc4b67312bd10599
Size: 36.57 MB - kernel-modules-core-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: 7b15df1126e3ba55f43624697437a61c
SHA-256: e242561003a4e68c5b36eaa9aad45fe88e9223f5ee4a57c13143fd219b453625
Size: 30.46 MB - kernel-modules-extra-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: dda5130909e1724042eb0bb1a98e2ef6
SHA-256: f778de4b7350ee83148190e41322ea3055ccd7c746a55f15f4e85708aebb7e04
Size: 2.51 MB - kernel-tools-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: 3b948326679d9e0a09db89d4edba66d8
SHA-256: b72a3847cedcf8f2e8cc11dbbd36fe6dcb2b22a08bd34cff95031807acfdbace
Size: 2.31 MB - kernel-tools-libs-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: 749f3b8c1de9bd8ae853cee2fcff9f92
SHA-256: 2572cb13b5a4f17a78904ca1a487d46a9219bd6c22d2fa4c084a6962349be3d7
Size: 2.06 MB - kernel-tools-libs-devel-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: fcddd948fe7c4ae0254386c612347872
SHA-256: 68cb6b8e7fdeba1240e443eac6be236120f01be1aa270845339b849f2fcfe6f4
Size: 2.05 MB - kernel-uki-virt-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: dcb45a0117828f1c344feacf9bdd1406
SHA-256: f43b92a96889b7a9a4cdd0f7e1e831abd13d2a697954dce407daccd3ae55fe55
Size: 60.52 MB - kernel-uki-virt-addons-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: 3c908b6502172c734e38615f3fd1e31d
SHA-256: 097fb5f6a408c7e9ee532ce8ec1aaabc591f31a66e93c469c89196ce043915e9
Size: 2.06 MB - libperf-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: 93d54f300dede489ab50543ae60aa34f
SHA-256: 43ed3c882a704fcfc5459dd93e666d03e19abd44b1b00e5d2c733fe427f63e55
Size: 2.06 MB - perf-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: 9c3ffa3e4389f3ffd69acfa266ca2b91
SHA-256: fac7f186298ea0b204ca1345594ca72a349e7bccdc53c87793984c1e7756f082
Size: 4.22 MB - python3-perf-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: 88b39d5d2e19d78c6a232794fb061fec
SHA-256: bcd80fc095c4ac51e5e1f26ec78e670ef684b5d01efd330217c9d1f03a4fa997
Size: 2.15 MB - rtla-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: 05fd32e96f187a6b99211ed042f9a84b
SHA-256: 354f6bbf613ca92e96f79dd31f9eca17a4ff35823695d8bcf031b4d565f79f31
Size: 2.09 MB - rv-5.14.0-503.40.1.el9_5.x86_64.rpm
MD5: 9d15e26eb947c8c78e8708beef9720e8
SHA-256: e7291f243594bf5366c42913223e8ecc3fa8c8c05d8366175e1062a8c7f59e0f
Size: 2.06 MB
English