kernel-4.18.0-553.120.1.el8_10

エラータID: AXSA:2026-499:28

Release date: 
Monday, April 27, 2026 - 10:15
Subject: 
kernel-4.18.0-553.120.1.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741)
* kernel: ALSA: aloop: Fix racy access at PCM trigger (CVE-2026-23191)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-68741
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxx_process_purls_iocb(), an item is allocated via qla27xx_copy_multiple_pkt(), which internally calls qla24xx_alloc_purex_item(). The qla24xx_alloc_purex_item() function may return a pre-allocated item from a per-adapter pool for small allocations, instead of dynamically allocating memory with kzalloc(). An error handling path in qla2xxx_process_purls_iocb() incorrectly uses kfree() to release the item. If the item was from the pre-allocated pool, calling kfree() on it is a bug that can lead to memory corruption. Fix this by using the correct deallocation function, qla24xx_free_purex_item(), which properly handles both dynamically allocated and pre-allocated items.
CVE-2026-23191
In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are performed outside the cable lock, this may result in UAF when a program attempts to trigger frequently while opening/closing the tied stream, as spotted by fuzzers. For addressing the UAF, this patch changes two things: - It covers the most of code in loopback_check_format() with cable->lock spinlock, and add the proper NULL checks. This avoids already some racy accesses. - In addition, now we try to check the state of the capture PCM stream that may be stopped in this function, which was the major pain point leading to UAF.

Solution: 

Update packages.

CVEs: 
CVE-2025-68741
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxx_process_purls_iocb(), an item is allocated via qla27xx_copy_multiple_pkt(), which internally calls qla24xx_alloc_purex_item(). The qla24xx_alloc_purex_item() function may return a pre-allocated item from a per-adapter pool for small allocations, instead of dynamically allocating memory with kzalloc(). An error handling path in qla2xxx_process_purls_iocb() incorrectly uses kfree() to release the item. If the item was from the pre-allocated pool, calling kfree() on it is a bug that can lead to memory corruption. Fix this by using the correct deallocation function, qla24xx_free_purex_item(), which properly handles both dynamically allocated and pre-allocated items.
CVE-2026-23191
In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are performed outside the cable lock, this may result in UAF when a program attempts to trigger frequently while opening/closing the tied stream, as spotted by fuzzers. For addressing the UAF, this patch changes two things: - It covers the most of code in loopback_check_format() with cable->lock spinlock, and add the proper NULL checks. This avoids already some racy accesses. - In addition, now we try to check the state of the capture PCM stream that may be stopped in this function, which was the major pain point leading to UAF.
Additional Info: 

N/A

Download: 

SRPMS
  1. kernel-4.18.0-553.120.1.el8_10.src.rpm
    MD5: 7df52694f019a9fe00299b9be1bfd7e7
    SHA-256: aff5b406f911abfc7a89a1098410328acd3fd90fb2918ea96579e8dff66c95a8
    Size: 132.37 MB

Asianux Server 8 for x86_64
  1. bpftool-4.18.0-553.120.1.el8_10.x86_64.rpm
    MD5: 1d8f3fffd53bade82c2034db04a5a707
    SHA-256: 3fd9db2daa70332546ee7070edf74fced42e93d223a68c76e328c35b35959ac9
    Size: 11.30 MB
  2. kernel-4.18.0-553.120.1.el8_10.x86_64.rpm
    MD5: 858be034470aac0e0f7d9486b7cd4fac
    SHA-256: 0d904398ae2fdae88f566b449a144e4bc7793d1a13247b2160d2725dd87f4881
    Size: 10.57 MB
  3. kernel-abi-stablelists-4.18.0-553.120.1.el8_10.noarch.rpm
    MD5: 9bcbcd22c6f7a4816bd3ef4da031ea6d
    SHA-256: ba0403c5b1c8e39ffb0ad32d703f7727faf3ad00cb70c47cf52ed4e948784bf0
    Size: 10.59 MB
  4. kernel-core-4.18.0-553.120.1.el8_10.x86_64.rpm
    MD5: fa2db7b02fe28c5d7748f8cede494303
    SHA-256: c3d664de176322fbf7d079fb79912b03884769009f216a66cd349e19424c83ce
    Size: 43.61 MB
  5. kernel-cross-headers-4.18.0-553.120.1.el8_10.x86_64.rpm
    MD5: 08af25a9b1fd5f451cb3dd68d13ddd41
    SHA-256: e35ae4d462e23fd79fcd3983866eba2d336b6082743f55f4bd046683a874407f
    Size: 15.92 MB
  6. kernel-debug-4.18.0-553.120.1.el8_10.x86_64.rpm
    MD5: 383d137f6acdf63ef520a934f729bbee
    SHA-256: 55fc3bb5db9a5a9c36710e4ce696c6ad8bd3c0253487eb7e9dd07b25f3a1e663
    Size: 10.57 MB
  7. kernel-debug-core-4.18.0-553.120.1.el8_10.x86_64.rpm
    MD5: 879dc2b1d741578738a05c6348e9bc28
    SHA-256: 7287bae746b2f611d6e2024c44656378c0c623740ffb326351860094ee1c9186
    Size: 72.93 MB
  8. kernel-debug-devel-4.18.0-553.120.1.el8_10.x86_64.rpm
    MD5: 2ed602934eafe2c121139bbe078855eb
    SHA-256: 87f215c0781d416a6e3a8ccd17979c7123594d1811e9be97c06802700e6f9c7b
    Size: 24.43 MB
  9. kernel-debug-modules-4.18.0-553.120.1.el8_10.x86_64.rpm
    MD5: 52de77afba22807dc958f29edd4f50f3
    SHA-256: 9b0ed44213ce8a182e3c1f3827de92148c2c34e990d4a8a5848fc595cf1b6b61
    Size: 66.05 MB
  10. kernel-debug-modules-extra-4.18.0-553.120.1.el8_10.x86_64.rpm
    MD5: 9716e918d478e9ef65d3296b8c155cff
    SHA-256: 07600501f1e6afb800d28f4300d660ad045cfa6cc0f296934278bda5b1db3785
    Size: 11.95 MB
  11. kernel-devel-4.18.0-553.120.1.el8_10.x86_64.rpm
    MD5: 82f66e738e45a9de74f42a6eda845c61
    SHA-256: 64d68af47c83fbdc20b2d04435527068e76d36718f5858679a4437ea49664365
    Size: 24.22 MB
  12. kernel-doc-4.18.0-553.120.1.el8_10.noarch.rpm
    MD5: 79a35daf25605296ca32cb0648d65e91
    SHA-256: 6c85f7eab0f4e16d8394f7ca0f5df42e526a708b2a2056790244d8cf0b771af5
    Size: 28.44 MB
  13. kernel-headers-4.18.0-553.120.1.el8_10.x86_64.rpm
    MD5: 0f2141b4367d3e18c897e565a1336ffc
    SHA-256: 864123ecc261f3a5e4e165c99f5b11ce0721b76caf57a326f3e0784d08442994
    Size: 11.93 MB
  14. kernel-modules-4.18.0-553.120.1.el8_10.x86_64.rpm
    MD5: 10709aead60363c5ae16aeab5a0724f2
    SHA-256: 73cccf4129ebf47bb807dcd2e5f7d5c0b7817df0e3ea3dc2ff0fe706e9225cca
    Size: 36.40 MB
  15. kernel-modules-extra-4.18.0-553.120.1.el8_10.x86_64.rpm
    MD5: 194b47c6ecc1889fe4e07e4b2f81ea3f
    SHA-256: b5a751ebe050aa9e6162dc96c83e1551105bb7a896e06a5f649b5cce81aa0bd2
    Size: 11.26 MB
  16. kernel-tools-4.18.0-553.120.1.el8_10.x86_64.rpm
    MD5: 66204387d45421b30d501ef63a8d18a7
    SHA-256: 6d351ffcf09dbf66461fe66cac64c9c1dda50051e08a0fdf3dbf4cb2c670e04c
    Size: 10.79 MB
  17. kernel-tools-libs-4.18.0-553.120.1.el8_10.x86_64.rpm
    MD5: 2677ed6f6cbbcebbe4cff35580400633
    SHA-256: 648e35a55d008cb3b34099cf3c4b0a575b4cb279e01629e8c8bf246d0f8f2631
    Size: 10.58 MB
  18. kernel-tools-libs-devel-4.18.0-553.120.1.el8_10.x86_64.rpm
    MD5: 3076d2f40eee85100a8897a8f39249de
    SHA-256: 19df29cd19c85b3bb831192c4fe0e4c58cf19bccfca00e91d8c26f1be6902639
    Size: 10.58 MB
  19. perf-4.18.0-553.120.1.el8_10.x86_64.rpm
    MD5: bf2afebbc3a8f72a5e0ce1c556d2bfac
    SHA-256: 2ea65a73638269158acea4ce8ae660bd7c68d769d5ff0c153503a3b180310093
    Size: 12.89 MB
  20. python3-perf-4.18.0-553.120.1.el8_10.x86_64.rpm
    MD5: 774b6a4cdb456828b1b2c25dad722fdc
    SHA-256: 34426340712683563aa0c7026ece675f93a0410fe7b07132cdbb00c48ab151b8
    Size: 10.70 MB