kernel-4.18.0-553.76.1.el8_10

エラータID: AXSA:2025-10902:72

Release date: 
Tuesday, September 30, 2025 - 09:32
Subject: 
kernel-4.18.0-553.76.1.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

kernel: vsock: Fix transport_* TOCTOU (CVE-2025-38461)
kernel: do_change_type(): refuse to operate on unmounted/not ours mounts
(CVE-2025-38498)
kernel: HID: core: Harden s32ton() against conversion to 0 bits
(CVE-2025-38556)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2025-38461
In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_* TOCTOU Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer. This also takes care of an insecure call in vsock_use_local_transport(); add a lockdep assert. BUG: unable to handle page fault for address: fffffbfff8056000 Oops: Oops: 0000 [#1] SMP KASAN RIP: 0010:vsock_assign_transport+0x366/0x600 Call Trace: vsock_connect+0x59c/0xc40 __sys_connect+0xe8/0x100 __x64_sys_connect+0x6e/0xc0 do_syscall_64+0x92/0x1c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53
CVE-2025-38498
In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount(2).
CVE-2025-38556
In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should never occur, but there are buggy devices and some might have a report field with size set to zero; we shouldn't reject the report or the device just because of that. Instead, harden the s32ton() routine so that it returns a reasonable result instead of crashing when it is called with the number of bits set to 0 -- the same as what snto32() does.

Solution: 

Update packages.

CVEs: 
CVE-2025-38461
In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_* TOCTOU Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer. This also takes care of an insecure call in vsock_use_local_transport(); add a lockdep assert. BUG: unable to handle page fault for address: fffffbfff8056000 Oops: Oops: 0000 [#1] SMP KASAN RIP: 0010:vsock_assign_transport+0x366/0x600 Call Trace: vsock_connect+0x59c/0xc40 __sys_connect+0xe8/0x100 __x64_sys_connect+0x6e/0xc0 do_syscall_64+0x92/0x1c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53
CVE-2025-38498
In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount(2).
CVE-2025-38556
In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this should never occur, but there are buggy devices and some might have a report field with size set to zero; we shouldn't reject the report or the device just because of that. Instead, harden the s32ton() routine so that it returns a reasonable result instead of crashing when it is called with the number of bits set to 0 -- the same as what snto32() does.
Additional Info: 

N/A

Download: 

SRPMS
  1. kernel-4.18.0-553.76.1.el8_10.src.rpm
    MD5: 25676f7fec3c65e054c97c5d31cb4653
    SHA-256: 9e9a32edded6ead201f873e721ec654c2835c4b6f449cfaf5903171b2d2f59a5
    Size: 132.27 MB

Asianux Server 8 for x86_64
  1. bpftool-4.18.0-553.76.1.el8_10.x86_64.rpm
    MD5: c415263622badf4e6d9b74f24564993e
    SHA-256: 79a4861ccc25d0a7df80ba674460a506e9ca2e1ae71ad71ce456100ccad1b8da
    Size: 11.24 MB
  2. kernel-4.18.0-553.76.1.el8_10.x86_64.rpm
    MD5: 4dde6ec3c9c71697caca8c85f0502810
    SHA-256: fd9fc1795b29a7a05111ff959b989f1009887a109981c06351349e1611e65e9c
    Size: 10.51 MB
  3. kernel-abi-stablelists-4.18.0-553.76.1.el8_10.noarch.rpm
    MD5: cc9d175166ca192d8765870a4b664238
    SHA-256: 51b85bb7839dabd02089ad7f47fd018e4515bfb0457815c62e2e472f87c69f12
    Size: 10.53 MB
  4. kernel-core-4.18.0-553.76.1.el8_10.x86_64.rpm
    MD5: 5a54ad951fdb23e230ee267575e5d60d
    SHA-256: 7471976a82f0ea4103b05b7330ea26e734d4aacfbebfdd559d414a158aa42981
    Size: 43.54 MB
  5. kernel-cross-headers-4.18.0-553.76.1.el8_10.x86_64.rpm
    MD5: f252101cfa282e8fc178d1a3190bdb33
    SHA-256: 21cfdd3ebc28680905b0ba88abe1307a5e21dc2c04e58a3df7137a037e048efe
    Size: 15.86 MB
  6. kernel-debug-4.18.0-553.76.1.el8_10.x86_64.rpm
    MD5: aab87ae33c6e14ffcf66cbe1609405ec
    SHA-256: dc301011d1b5a225e31e4c0345b36c0a4d55991d986347e16618a8b34ccbd5da
    Size: 10.51 MB
  7. kernel-debug-core-4.18.0-553.76.1.el8_10.x86_64.rpm
    MD5: 81d53a1f529b36c7dbb766c33b2b823e
    SHA-256: 0d9d0a5d0faffa93ebcb993b48dbd3ccab005d7c87696822e38da331ddf07626
    Size: 72.82 MB
  8. kernel-debug-devel-4.18.0-553.76.1.el8_10.x86_64.rpm
    MD5: b81db0f9597ac1a3ebae8ba7491d943f
    SHA-256: f8d55a06f33a1dc18e7b9e2c84045a0aedbf14020d8eb5376a7a08e04b6e2b9c
    Size: 24.34 MB
  9. kernel-debug-modules-4.18.0-553.76.1.el8_10.x86_64.rpm
    MD5: 9ecc972bc486ecbc263adbd7aa3d3e7f
    SHA-256: b8c483cffa18cc08c11702d01eda25c72c2ea967a2dc627ef10d36099c88863d
    Size: 65.93 MB
  10. kernel-debug-modules-extra-4.18.0-553.76.1.el8_10.x86_64.rpm
    MD5: 20d0242d8afdffb9752719c3a26445cc
    SHA-256: 29bb8f5431ffe7f7b6e79bd0682e515f70b1da219bcae5b9607c03984e70ec83
    Size: 11.89 MB
  11. kernel-devel-4.18.0-553.76.1.el8_10.x86_64.rpm
    MD5: 76648336170514209d578fdc9022900c
    SHA-256: 13734bc358ebebfc83ebc196c85ce712bd6c3b8783a00b41eeb0d965bb118143
    Size: 24.14 MB
  12. kernel-doc-4.18.0-553.76.1.el8_10.noarch.rpm
    MD5: 36ca9f1de988ec759430fa4ee503251d
    SHA-256: f87b7a93686ae526ad4fd2da58157aaf12272a894420dd4eb25d82fae00a589a
    Size: 28.37 MB
  13. kernel-headers-4.18.0-553.76.1.el8_10.x86_64.rpm
    MD5: ed2e245ca71bf1c5951a75ac2f896768
    SHA-256: 5287a69e03b3093583576a1fb2bbe0e572bb9af8812119a903d9b1c94668745d
    Size: 11.86 MB
  14. kernel-modules-4.18.0-553.76.1.el8_10.x86_64.rpm
    MD5: f730077eaac271546698bc451bf9fe73
    SHA-256: 4b38b7666069891ffd99aa507050e15c195d18ec17cb5152b73ec09aefde6816
    Size: 36.33 MB
  15. kernel-modules-extra-4.18.0-553.76.1.el8_10.x86_64.rpm
    MD5: 90240933cf1c742523c6ac2fe41878c2
    SHA-256: 3a40ad02c846389cf152cc3c7b5f206e0c15f88791ca744285aef4d2c63e1269
    Size: 11.20 MB
  16. kernel-tools-4.18.0-553.76.1.el8_10.x86_64.rpm
    MD5: a02d64f77076d1dbf9f1777cb428f5d5
    SHA-256: 3d52fab014bd92a8586b500e222c10c409ff6ef951106ba5c8c2fb1ed2ad4d15
    Size: 10.73 MB
  17. kernel-tools-libs-4.18.0-553.76.1.el8_10.x86_64.rpm
    MD5: 872c7e9aeb313cb8615d925150b1f328
    SHA-256: 5ee19b270b9cd363b691c144039333794b1f379aacc2c1a52fb3b654d5b9708f
    Size: 10.52 MB
  18. kernel-tools-libs-devel-4.18.0-553.76.1.el8_10.x86_64.rpm
    MD5: 5622cca0ecb1abcfd083c969986b9fe8
    SHA-256: 29088f0981f0a58363cb9caf295ca2bd5755d3db3148e63fb12705148ca8abcd
    Size: 10.51 MB
  19. perf-4.18.0-553.76.1.el8_10.x86_64.rpm
    MD5: 4945c8c7322f9a9d271811e16649b706
    SHA-256: c6a3724d0a4ba15698578c52613fbae8012d5918d365d094e6fa419f47c49062
    Size: 12.83 MB
  20. python3-perf-4.18.0-553.76.1.el8_10.x86_64.rpm
    MD5: baca3116ac385b960d665a9bb92507f8
    SHA-256: 2af6a3ed505cec5c3d0daead915784838f2bc7f155c5b326944b8961c72695bb
    Size: 10.64 MB