kernel-4.18.0-553.34.1.el8_10

エラータID: AXSA:2025-9558:05

リリース日: 
2025/01/20 Monday - 11:41
題名: 
kernel-4.18.0-553.34.1.el8_10
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: i40e: fix race condition by adding filter's intermediate sync state (CVE-2024-53088)
* kernel: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (CVE-2024-53122)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-53088
In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the i40e driver that leads to MAC/VLAN filters becoming corrupted and leaking. Address the issue that occurs under heavy load when multiple threads are concurrently modifying MAC/VLAN filters by setting mac and port VLAN. 1. Thread T0 allocates a filter in i40e_add_filter() within i40e_ndo_set_vf_port_vlan(). 2. Thread T1 concurrently frees the filter in __i40e_del_filter() within i40e_ndo_set_vf_mac(). 3. Subsequently, i40e_service_task() calls i40e_sync_vsi_filters(), which refers to the already freed filter memory, causing corruption. Reproduction steps: 1. Spawn multiple VFs. 2. Apply a concurrent heavy load by running parallel operations to change MAC addresses on the VFs and change port VLANs on the host. 3. Observe errors in dmesg: "Error I40E_AQ_RC_ENOSPC adding RX filters on VF XX, please set promiscuous on manually for VF XX". Exact code for stable reproduction Intel can't open-source now. The fix involves implementing a new intermediate filter state, I40E_FILTER_NEW_SYNC, for the time when a filter is on a tmp_add_list. These filters cannot be deleted from the hash list directly but must be removed using the full process.
CVE-2024-53122
In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows - i.e. created by the in kernel path manager - are included into the subflow list before starting the 3whs. A racing recvmsg() spooling data received on an already established subflow would unconditionally call tcp_cleanup_rbuf() on all the current subflows, potentially hitting a divide by zero error on the newly created ones. Explicitly check that the subflow is in a suitable state before invoking tcp_cleanup_rbuf().

解決策: 

Update packages.

追加情報: 

N/A

ダウンロード: 

SRPMS
  1. kernel-4.18.0-553.34.1.el8_10.src.rpm
    MD5: 44271fdb01cbfefce60da48c15ea9cfe
    SHA-256: 20eb9fc3d8e4698ef681ea582a2e1a38659628658cbdfb28e0f0cc71fcd89919
    Size: 132.20 MB

Asianux Server 8 for x86_64
  1. bpftool-4.18.0-553.34.1.el8_10.x86_64.rpm
    MD5: e4c79f236cc1ea1da9aff2563bf26479
    SHA-256: e5ba4baeee76276dd9d71efa42f9812f45a90c7d83fd319348814e13116c94c3
    Size: 11.20 MB
  2. kernel-4.18.0-553.34.1.el8_10.x86_64.rpm
    MD5: f1585d30bc37b13b3f3204b6da11ef3f
    SHA-256: 84664a552d26bb99043ba53d0ed9c379a179628da24d18c5f02c9146608e4899
    Size: 10.47 MB
  3. kernel-abi-stablelists-4.18.0-553.34.1.el8_10.noarch.rpm
    MD5: c72ee59176ac2c11dc709e67ddc91ce8
    SHA-256: 5f5d5832c9d927dca5e5fa6393bbf00dea134fdfd16f7831fa2c2017d3d656c1
    Size: 10.49 MB
  4. kernel-core-4.18.0-553.34.1.el8_10.x86_64.rpm
    MD5: 386ac07a9712ce470c291fc2d8e1e039
    SHA-256: 9d232ad30075eea35e8c56b25200907fae3b35caffcc41ab20e19ba1796b49b3
    Size: 43.50 MB
  5. kernel-cross-headers-4.18.0-553.34.1.el8_10.x86_64.rpm
    MD5: 533e6c09a111e7826867e738eaba97eb
    SHA-256: 696981679bd60ff1947a6a53e05377f6c2a03b91d2df9d049887e68d43ad7548
    Size: 15.82 MB
  6. kernel-debug-4.18.0-553.34.1.el8_10.x86_64.rpm
    MD5: 021acc888ebfa1d4f85ba7bea4373636
    SHA-256: 93626a5b6a9bacf86c75bd9a75f69bc49c6a389ad4e504582ac37e153b728359
    Size: 10.47 MB
  7. kernel-debug-core-4.18.0-553.34.1.el8_10.x86_64.rpm
    MD5: 69d142056ce8a406d4399b8028951bdf
    SHA-256: e4500f08eb80c1968ad1598e27148c794f9628e9383b6d8ded6a52c95e280cad
    Size: 72.79 MB
  8. kernel-debug-devel-4.18.0-553.34.1.el8_10.x86_64.rpm
    MD5: 32d244b18ec900ecc9470df3cdd8c736
    SHA-256: 308037c385613ddd05ee2b4eaceac524611d573180b0bc23ded5274c58d9836a
    Size: 24.30 MB
  9. kernel-debug-modules-4.18.0-553.34.1.el8_10.x86_64.rpm
    MD5: 0e12418fb5b89d86914fe05a5c3b47a3
    SHA-256: 6216def2d6581002a3f6f04d96c0d1ccfd640a48fcd8c025c114c24bf034eac6
    Size: 65.89 MB
  10. kernel-debug-modules-extra-4.18.0-553.34.1.el8_10.x86_64.rpm
    MD5: e2ccb5091a750013b324ab1817d61863
    SHA-256: 17dfc0a2deea7963e508c535f07e49646cc268270b27be54e4e56dec61effba8
    Size: 11.85 MB
  11. kernel-devel-4.18.0-553.34.1.el8_10.x86_64.rpm
    MD5: 91b4359f909b6386f0f81c80992da902
    SHA-256: f2e0a740325fc17096ad6513eba5c4e372e720d66ed73d3ab184be1b02a77dcb
    Size: 24.10 MB
  12. kernel-doc-4.18.0-553.34.1.el8_10.noarch.rpm
    MD5: 8fe70e6f1894e5c4fd8fd8277674def7
    SHA-256: c0ad9cda326eb08ed2cdcda57b03168081ef7ec5eb9cf717ba648368ce12a06d
    Size: 28.33 MB
  13. kernel-headers-4.18.0-553.34.1.el8_10.x86_64.rpm
    MD5: f9e012415cc4d45c6170065d6e712505
    SHA-256: a232fa225ea2186be88b4e858812bc2b9446713cccca41d725287d34f79021d4
    Size: 11.82 MB
  14. kernel-modules-4.18.0-553.34.1.el8_10.x86_64.rpm
    MD5: 4baea034a6fb2e990b8c6d062cea7115
    SHA-256: a0e4ab4e32e1dc2c77cd5066db4ab222c45979b58fcd51bdbd7c56c53a67aac4
    Size: 36.29 MB
  15. kernel-modules-extra-4.18.0-553.34.1.el8_10.x86_64.rpm
    MD5: d5dc79dfc7addf4b09b10e51ac873ddd
    SHA-256: 08c5332d5ed7fb804f55cfdd7a6e3a680b3402564678fa00bb0e4853c8768370
    Size: 11.16 MB
  16. kernel-tools-4.18.0-553.34.1.el8_10.x86_64.rpm
    MD5: 3d8ffc3b104b1309bbc049f6f833fd78
    SHA-256: 77328815dc01b17d0aa1b2a5f9f943c0fe8689fa3ac2a420ea788a26c8843886
    Size: 10.69 MB