kernel-5.14.0-611.41.1.el9_7
Errata ID: AXSA:2026-356:22
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save (CVE-2025-39818)
* kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2025-39818
In the Linux kernel, the following vulnerability has been resolved:

HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save

Improper use of secondary pointer (&dev->i2c_subip_regs) caused kernel crash and out-of-bounds error:

    BUG: KASAN: slab-out-of-bounds in _regmap_bulk_read+0x449/0x510
    Write of size 4 at addr ffff888136005dc0 by task kworker/u33:5/5107

    CPU: 3 UID: 0 PID: 5107 Comm: kworker/u33:5 Not tainted 6.16.0+ #3 PREEMPT(voluntary)
    Workqueue: async async_run_entry_fn
    Call Trace:
     dump_stack_lvl+0x76/0xa0
     print_report+0xd1/0x660
     ? __pfx__raw_spin_lock_irqsave+0x10/0x10
     ? kasan_complete_mode_report_info+0x26/0x200
     kasan_report+0xe1/0x120
     ? _regmap_bulk_read+0x449/0x510
     ? _regmap_bulk_read+0x449/0x510
     __asan_report_store4_noabort+0x17/0x30
     _regmap_bulk_read+0x449/0x510
     ? __pfx__regmap_bulk_read+0x10/0x10
     regmap_bulk_read+0x270/0x3d0
     pio_complete+0x1ee/0x2c0 [intel_thc]
     ? __pfx_pio_complete+0x10/0x10 [intel_thc]
     ? __pfx_pio_wait+0x10/0x10 [intel_thc]
     ? regmap_update_bits_base+0x13b/0x1f0
     thc_i2c_subip_pio_read+0x117/0x270 [intel_thc]
     thc_i2c_subip_regs_save+0xc2/0x140 [intel_thc]
     ? __pfx_thc_i2c_subip_regs_save+0x10/0x10 [intel_thc]
    [...]
    The buggy address belongs to the object at ffff888136005d00
     which belongs to the cache kmalloc-rnd-12-192 of size 192
    The buggy address is located 0 bytes to the right of
     allocated 192-byte region [ffff888136005d00, ffff888136005dc0)

Replaced with direct array indexing (&dev->i2c_subip_regs[i]) to ensure safe memory access.
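The difference between the two expressions, as an added C illustration (not the driver's code): it compares where each form of the save-loop destination points, without writing through either. It assumes `i2c_subip_regs` is a pointer field to a separately allocated array; `dev_model`, `NREGS` and the helper names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define NREGS 8 /* constructed register count, not the driver's */

struct dev_model {                /* hypothetical stand-in for the device struct */
    uint32_t *i2c_subip_regs;     /* assumed: pointer to a separate heap array */
    uint32_t other_state[4];      /* unrelated fields after the pointer */
};

/* Address of the pointer field plus an index, i.e. the address that
 * (uint32_t *)&d->i2c_subip_regs + i names. Computed as an integer so
 * the stray pointer is never formed or dereferenced. */
static uintptr_t slot_buggy(struct dev_model *d, size_t i) {
    return (uintptr_t)&d->i2c_subip_regs + i * sizeof(uint32_t);
}

/* Direct array indexing, the form the fix describes. */
static uintptr_t slot_fixed(struct dev_model *d, size_t i) {
    return (uintptr_t)&d->i2c_subip_regs[i];
}

/* Does the 4-byte slot at addr lie inside [base, base + len)? */
static int inside(uintptr_t addr, const void *base, size_t len) {
    return addr >= (uintptr_t)base &&
           addr + sizeof(uint32_t) <= (uintptr_t)base + len;
}

/* Count save-loop slots that fall outside [base, base + len). */
static size_t misses(struct dev_model *d, int fixed, const void *base, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < NREGS; i++)
        n += !inside(fixed ? slot_fixed(d, i) : slot_buggy(d, i), base, len);
    return n;
}

int main(void) {
    struct dev_model d = { .i2c_subip_regs = calloc(NREGS, sizeof(uint32_t)) };
    size_t buf = NREGS * sizeof(uint32_t);
    if (!d.i2c_subip_regs) return 1;
    printf("outside buffer: buggy=%zu fixed=%zu; buggy past struct end=%zu\n",
           misses(&d, 0, d.i2c_subip_regs, buf), misses(&d, 1, d.i2c_subip_regs, buf),
           misses(&d, 0, &d, sizeof(d)));
    free(d.i2c_subip_regs);
    return 0;
}
```

Every destination computed from the address of the pointer field lands in the structure that holds the pointer or past its end, never in the register buffer; indexing through the pointer keeps all of them in bounds.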
CVE-2025-68800
In the Linux kernel, the following vulnerability has been resolved:

mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats

Cited commit added a dedicated mutex (instead of RTNL) to protect the multicast route list, so that it will not change while the driver periodically traverses it in order to update the kernel about multicast route stats that were queried from the device.

One instance of list entry deletion (during route replace) was missed and it can result in a use-after-free [1].

Fix by acquiring the mutex before deleting the entry from the list and releasing it afterwards.

[1]

    BUG: KASAN: slab-use-after-free in mlxsw_sp_mr_stats_update+0x4a5/0x540 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c:1006 [mlxsw_spectrum]
    Read of size 8 at addr ffff8881523c2fa8 by task kworker/2:5/22043

    CPU: 2 UID: 0 PID: 22043 Comm: kworker/2:5 Not tainted 6.18.0-rc1-custom-g1a3d6d7cd014 #1 PREEMPT(full)
    Hardware name: Mellanox Technologies Ltd. MSN2010/SA002610, BIOS 5.6.5 08/24/2017
    Workqueue: mlxsw_core mlxsw_sp_mr_stats_update [mlxsw_spectrum]
    Call Trace:
     dump_stack_lvl+0xba/0x110
     print_report+0x174/0x4f5
     kasan_report+0xdf/0x110
     mlxsw_sp_mr_stats_update+0x4a5/0x540 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c:1006 [mlxsw_spectrum]
     process_one_work+0x9cc/0x18e0
     worker_thread+0x5df/0xe40
     kthread+0x3b8/0x730
     ret_from_fork+0x3e9/0x560
     ret_from_fork_asm+0x1a/0x30

    Allocated by task 29933:
     kasan_save_stack+0x30/0x50
     kasan_save_track+0x14/0x30
     __kasan_kmalloc+0x8f/0xa0
     mlxsw_sp_mr_route_add+0xd8/0x4770 [mlxsw_spectrum]
     mlxsw_sp_router_fibmr_event_work+0x371/0xad0 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:7965 [mlxsw_spectrum]
     process_one_work+0x9cc/0x18e0
     worker_thread+0x5df/0xe40
     kthread+0x3b8/0x730
     ret_from_fork+0x3e9/0x560
     ret_from_fork_asm+0x1a/0x30

    Freed by task 29933:
     kasan_save_stack+0x30/0x50
     kasan_save_track+0x14/0x30
     __kasan_save_free_info+0x3b/0x70
     __kasan_slab_free+0x43/0x70
     kfree+0x14e/0x700
     mlxsw_sp_mr_route_add+0x2dea/0x4770 drivers/net/ethernet/mellanox/mlxsw/spectrum_mr.c:444 [mlxsw_spectrum]
     mlxsw_sp_router_fibmr_event_work+0x371/0xad0 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c:7965 [mlxsw_spectrum]
     process_one_work+0x9cc/0x18e0
     worker_thread+0x5df/0xe40
     kthread+0x3b8/0x730
     ret_from_fork+0x3e9/0x560
     ret_from_fork_asm+0x1a/0x30
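The locking rule described above, as an added single-threaded C model (not the driver's code): a flag stands in for the list mutex and a `freed` marker for `kfree()`, so the stale read can be counted instead of crashing. The structure names, the in-place swap done by `route_replace` and the three-entry list are constructed for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model. "freed" is a flag so a stale read can be counted safely;
 * in the kernel the entry is kfree()d and KASAN reports the access. */
struct mr_route { struct mr_route *next; bool freed; };
struct mr_table { struct mr_route *head; bool lock_held; /* stands in for the mutex */ };

/* Route replace: swap old for repl in the list, then free old. With take_lock
 * it honours the list lock and is refused while the walker holds it (a real
 * mutex_lock() would sleep until the walker is done). */
static bool route_replace(struct mr_table *t, struct mr_route *old,
                          struct mr_route *repl, bool take_lock) {
    if (take_lock && t->lock_held)
        return false;
    repl->next = old->next;
    for (struct mr_route **pp = &t->head; *pp; pp = &(*pp)->next)
        if (*pp == old) { *pp = repl; break; }
    old->freed = true;
    return true;
}

/* One stats pass over a -> b -> c with a replace of b arriving while the
 * walker stands on b. Returns how many freed entries the walker read. */
static int stats_pass(bool replace_takes_lock) {
    struct mr_route c = { NULL, false }, b = { &c, false }, a = { &b, false };
    struct mr_route b2 = { NULL, false };
    struct mr_table t = { &a, false };
    bool pending = true;
    int stale = 0;

    t.lock_held = true;                        /* walker takes the list lock */
    for (struct mr_route *r = t.head; r; r = r->next) {
        if (r == &b && pending)                /* concurrent route replace */
            pending = !route_replace(&t, &b, &b2, replace_takes_lock);
        stale += r->freed;                     /* stats read of this entry */
    }
    t.lock_held = false;                       /* walker drops the lock */
    if (pending)                               /* deferred replace runs now */
        route_replace(&t, &b, &b2, replace_takes_lock);
    return stale;
}

int main(void) {
    printf("stale reads: unlocked delete=%d, locked delete=%d\n",
           stats_pass(false), stats_pass(true));
    return 0;
}
```

A single deletion site that skips the lock is enough for the walker to read a freed entry; once that site takes the lock, the deletion waits until the traversal has finished.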
Update packages.
SRPMS
- kernel-5.14.0-611.41.1.el9_7.src.rpm
Size: 144.02 MB
Asianux Server 9 for x86_64
- kernel-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 1.11 MB
- kernel-abi-stablelists-5.14.0-611.41.1.el9_7.noarch.rpm
Size: 1.14 MB
- kernel-core-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 17.39 MB
- kernel-cross-headers-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 8.06 MB
- kernel-debug-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 1.11 MB
- kernel-debug-core-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 30.98 MB
- kernel-debug-devel-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 21.30 MB
- kernel-debug-devel-matched-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 1.11 MB
- kernel-debug-modules-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 69.35 MB
- kernel-debug-modules-core-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 49.53 MB
- kernel-debug-modules-extra-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 1.92 MB
- kernel-debug-uki-virt-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 85.84 MB
- kernel-devel-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 21.13 MB
- kernel-devel-matched-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 1.11 MB
- kernel-doc-5.14.0-611.41.1.el9_7.noarch.rpm
Size: 38.86 MB
- kernel-headers-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 2.87 MB
- kernel-modules-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 39.78 MB
- kernel-modules-core-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 30.98 MB
- kernel-modules-extra-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 1.55 MB
- kernel-rt-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 1.11 MB
- kernel-rt-core-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 17.31 MB
- kernel-rt-debug-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 1.11 MB
- kernel-rt-debug-core-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 18.73 MB
- kernel-rt-debug-devel-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 21.25 MB
- kernel-rt-debug-modules-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 41.34 MB
- kernel-rt-debug-modules-core-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 32.15 MB
- kernel-rt-debug-modules-extra-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 1.58 MB
- kernel-rt-devel-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 21.12 MB
- kernel-rt-modules-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 39.83 MB
- kernel-rt-modules-core-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 31.05 MB
- kernel-rt-modules-extra-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 1.55 MB
- kernel-tools-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 1.40 MB
- kernel-tools-libs-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 1.12 MB
- kernel-tools-libs-devel-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 1.11 MB
- kernel-uki-virt-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 63.98 MB
- kernel-uki-virt-addons-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 1.13 MB
- libperf-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 1.13 MB
- perf-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 3.37 MB
- python3-perf-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 2.54 MB
- rtla-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 1.18 MB
- rv-5.14.0-611.41.1.el9_7.x86_64.rpm
Size: 1.13 MB