kernel-5.14.0-570.17.1.el9_6

エラータID: AXSA:2025-10435:40

リリース日: 
2025/07/11 Friday - 13:30
題名: 
kernel-5.14.0-570.17.1.el9_6
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: vsock: Keep the binding until socket destruction (CVE-2025-21756)
* kernel: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (CVE-2025-21966)
* kernel: net: ppp: Add bound checking for skb data on ppp_sync_txmung (CVE-2025-37749)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-21756
In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect(). Prevents socket unbinding during a transport reassignment, which fixes a use-after-free: 1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2) 2. transport->release() calls vsock_remove_bound() without checking if sk was bound and moved to bound list (refcnt=1) 3. vsock_bind() assumes sk is in unbound list and before __vsock_insert_bound(vsock_bound_sockets()) calls __vsock_remove_bound() which does: list_del_init(&vsk->bound_table); // nop sock_put(&vsk->sk); // refcnt=0 BUG: KASAN: slab-use-after-free in __vsock_bind+0x62e/0x730 Read of size 4 at addr ffff88816b46a74c by task a.out/2057 dump_stack_lvl+0x68/0x90 print_report+0x174/0x4f6 kasan_report+0xb9/0x190 __vsock_bind+0x62e/0x730 vsock_bind+0x97/0xe0 __sys_bind+0x154/0x1f0 __x64_sys_bind+0x6e/0xb0 do_syscall_64+0x93/0x1b0 entry_SYSCALL_64_after_hwframe+0x76/0x7e Allocated by task 2057: kasan_save_stack+0x1e/0x40 kasan_save_track+0x10/0x30 __kasan_slab_alloc+0x85/0x90 kmem_cache_alloc_noprof+0x131/0x450 sk_prot_alloc+0x5b/0x220 sk_alloc+0x2c/0x870 __vsock_create.constprop.0+0x2e/0xb60 vsock_create+0xe4/0x420 __sock_create+0x241/0x650 __sys_socket+0xf2/0x1a0 __x64_sys_socket+0x6e/0xb0 do_syscall_64+0x93/0x1b0 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 2057: kasan_save_stack+0x1e/0x40 kasan_save_track+0x10/0x30 kasan_save_free_info+0x37/0x60 __kasan_slab_free+0x4b/0x70 kmem_cache_free+0x1a1/0x590 __sk_destruct+0x388/0x5a0 __vsock_bind+0x5e1/0x730 vsock_bind+0x97/0xe0 __sys_bind+0x154/0x1f0 __x64_sys_bind+0x6e/0xb0 do_syscall_64+0x93/0x1b0 entry_SYSCALL_64_after_hwframe+0x76/0x7e refcount_t: addition on 0; use-after-free. WARNING: CPU: 7 PID: 2057 at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150 RIP: 0010:refcount_warn_saturate+0xce/0x150 __vsock_bind+0x66d/0x730 vsock_bind+0x97/0xe0 __sys_bind+0x154/0x1f0 __x64_sys_bind+0x6e/0xb0 do_syscall_64+0x93/0x1b0 entry_SYSCALL_64_after_hwframe+0x76/0x7e refcount_t: underflow; use-after-free. WARNING: CPU: 7 PID: 2057 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150 RIP: 0010:refcount_warn_saturate+0xee/0x150 vsock_remove_bound+0x187/0x1e0 __vsock_release+0x383/0x4a0 vsock_release+0x90/0x120 __sock_release+0xa3/0x250 sock_close+0x14/0x20 __fput+0x359/0xa80 task_work_run+0x107/0x1d0 do_exit+0x847/0x2560 do_group_exit+0xb8/0x250 __x64_sys_exit_group+0x3a/0x50 x64_sys_call+0xfec/0x14f0 do_syscall_64+0x93/0x1b0 entry_SYSCALL_64_after_hwframe+0x76/0x7e
CVE-2025-21966
In the Linux kernel, the following vulnerability has been resolved: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature Fix memory corruption due to incorrect parameter being passed to bio_init
CVE-2025-37749
In the Linux kernel, the following vulnerability has been resolved: net: ppp: Add bound checking for skb data on ppp_sync_txmung Ensure we have enough data in linear buffer from skb before accessing initial bytes. This prevents potential out-of-bounds accesses when processing short packets. When ppp_sync_txmung receives an incoming package with an empty payload: (remote) gef➤ p *(struct pppoe_hdr *) (skb->head + skb->network_header) $18 = { type = 0x1, ver = 0x1, code = 0x0, sid = 0x2, length = 0x0, tag = 0xffff8880371cdb96 } from the skb struct (trimmed) tail = 0x16, end = 0x140, head = 0xffff88803346f400 "4", data = 0xffff88803346f416 ":\377", truesize = 0x380, len = 0x0, data_len = 0x0, mac_len = 0xe, hdr_len = 0x0, it is not safe to access data[2]. [pabeni@redhat.com: fixed subj typo]

解決策: 

Update packages.

CVE: 
CVE-2025-21756
In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect(). Prevents socket unbinding during a transport reassignment, which fixes a use-after-free: 1. vsock_create() (refcnt=1) calls vsock_insert_unbound() (refcnt=2) 2. transport->release() calls vsock_remove_bound() without checking if sk was bound and moved to bound list (refcnt=1) 3. vsock_bind() assumes sk is in unbound list and before __vsock_insert_bound(vsock_bound_sockets()) calls __vsock_remove_bound() which does: list_del_init(&vsk->bound_table); // nop sock_put(&vsk->sk); // refcnt=0 BUG: KASAN: slab-use-after-free in __vsock_bind+0x62e/0x730 Read of size 4 at addr ffff88816b46a74c by task a.out/2057 dump_stack_lvl+0x68/0x90 print_report+0x174/0x4f6 kasan_report+0xb9/0x190 __vsock_bind+0x62e/0x730 vsock_bind+0x97/0xe0 __sys_bind+0x154/0x1f0 __x64_sys_bind+0x6e/0xb0 do_syscall_64+0x93/0x1b0 entry_SYSCALL_64_after_hwframe+0x76/0x7e Allocated by task 2057: kasan_save_stack+0x1e/0x40 kasan_save_track+0x10/0x30 __kasan_slab_alloc+0x85/0x90 kmem_cache_alloc_noprof+0x131/0x450 sk_prot_alloc+0x5b/0x220 sk_alloc+0x2c/0x870 __vsock_create.constprop.0+0x2e/0xb60 vsock_create+0xe4/0x420 __sock_create+0x241/0x650 __sys_socket+0xf2/0x1a0 __x64_sys_socket+0x6e/0xb0 do_syscall_64+0x93/0x1b0 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 2057: kasan_save_stack+0x1e/0x40 kasan_save_track+0x10/0x30 kasan_save_free_info+0x37/0x60 __kasan_slab_free+0x4b/0x70 kmem_cache_free+0x1a1/0x590 __sk_destruct+0x388/0x5a0 __vsock_bind+0x5e1/0x730 vsock_bind+0x97/0xe0 __sys_bind+0x154/0x1f0 __x64_sys_bind+0x6e/0xb0 do_syscall_64+0x93/0x1b0 entry_SYSCALL_64_after_hwframe+0x76/0x7e refcount_t: addition on 0; use-after-free. WARNING: CPU: 7 PID: 2057 at lib/refcount.c:25 refcount_warn_saturate+0xce/0x150 RIP: 0010:refcount_warn_saturate+0xce/0x150 __vsock_bind+0x66d/0x730 vsock_bind+0x97/0xe0 __sys_bind+0x154/0x1f0 __x64_sys_bind+0x6e/0xb0 do_syscall_64+0x93/0x1b0 entry_SYSCALL_64_after_hwframe+0x76/0x7e refcount_t: underflow; use-after-free. WARNING: CPU: 7 PID: 2057 at lib/refcount.c:28 refcount_warn_saturate+0xee/0x150 RIP: 0010:refcount_warn_saturate+0xee/0x150 vsock_remove_bound+0x187/0x1e0 __vsock_release+0x383/0x4a0 vsock_release+0x90/0x120 __sock_release+0xa3/0x250 sock_close+0x14/0x20 __fput+0x359/0xa80 task_work_run+0x107/0x1d0 do_exit+0x847/0x2560 do_group_exit+0xb8/0x250 __x64_sys_exit_group+0x3a/0x50 x64_sys_call+0xfec/0x14f0 do_syscall_64+0x93/0x1b0 entry_SYSCALL_64_after_hwframe+0x76/0x7e
CVE-2025-21966
In the Linux kernel, the following vulnerability has been resolved: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature Fix memory corruption due to incorrect parameter being passed to bio_init
CVE-2025-37749
In the Linux kernel, the following vulnerability has been resolved: net: ppp: Add bound checking for skb data on ppp_sync_txmung Ensure we have enough data in linear buffer from skb before accessing initial bytes. This prevents potential out-of-bounds accesses when processing short packets. When ppp_sync_txmung receives an incoming package with an empty payload: (remote) gef➤ p *(struct pppoe_hdr *) (skb->head + skb->network_header) $18 = { type = 0x1, ver = 0x1, code = 0x0, sid = 0x2, length = 0x0, tag = 0xffff8880371cdb96 } from the skb struct (trimmed) tail = 0x16, end = 0x140, head = 0xffff88803346f400 "4", data = 0xffff88803346f416 ":\377", truesize = 0x380, len = 0x0, data_len = 0x0, mac_len = 0xe, hdr_len = 0x0, it is not safe to access data[2]. [pabeni@redhat.com: fixed subj typo]
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. kernel-5.14.0-570.17.1.el9_6.src.rpm
    MD5: 9cd530033361b0b0a6adf9a5c9bd0a81
    SHA-256: aac2c580361c968bc17139aa3da482c9026fe4ea04d6932b82f12b7d95b5a00a
    Size: 142.46 MB

Asianux Server 9 for x86_64
  1. kernel-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 4e8b315db06fa208192aae11f67c291e
    SHA-256: 9c072d04fe38c93ca89a1219894cdd2269b8a0dd3d7a6f55fd9e3aa278a7cabf
    Size: 1.77 MB
  2. kernel-abi-stablelists-5.14.0-570.17.1.el9_6.noarch.rpm
    MD5: e37b2c2e50cf79a9371c70b0821f4cd1
    SHA-256: ad818f0a9df507139c80fb4ba9cfd2b0af905353403986c45989edfaefe84c86
    Size: 1.79 MB
  3. kernel-core-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 00aac4d26e0c1394f56b73fb7216044e
    SHA-256: 3cb46a4386687408c3c65ccdf36045def915f4090123f9e451b9592ae87af634
    Size: 17.83 MB
  4. kernel-cross-headers-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: d4c8ff106233f7e6d98e50296835a9b1
    SHA-256: 2f6f368dcba2b98aa354777da617f6beff1dcd6f11c02730b7c57ee9bcd98b1a
    Size: 8.63 MB
  5. kernel-debug-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 7b5705c02d3cf4822316fad42f6527fe
    SHA-256: 5718d814b584e35a2c9e83697b102b4d678ef07723b7cc13b91f66ec0049fe94
    Size: 1.77 MB
  6. kernel-debug-core-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: b4a40b8fe57008c9e1a989e7899cf8f0
    SHA-256: d74029853f25135e9bc0de449bc4758f33c8362fe31b89cad24a6cdbdb3a7d61
    Size: 31.26 MB
  7. kernel-debug-devel-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: c727be8daa2a16028c79db677b981b9e
    SHA-256: 1f752979a295226c17271571fe2b346ef9360dfad9c46b4aa81e28371d16a29c
    Size: 21.75 MB
  8. kernel-debug-devel-matched-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 4cc75fd6c7fa9256a364969c567b78e4
    SHA-256: ca9edb48ba252bf5b0d80e8f56b43179bd9d09a2348e758ec37f1cb412e37dc1
    Size: 1.77 MB
  9. kernel-debug-modules-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: c6b91b21de0e377c858611c9af51df45
    SHA-256: 37bbad16fccfb99de65ddb80ad0e1c62197778bfeb6fd8aa76d1e8672b487897
    Size: 67.06 MB
  10. kernel-debug-modules-core-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: cdb91ea43bccf973b19c62d7dadcdbb2
    SHA-256: a257da9e48c3eb169c5b3435efb21495a02117ce55a50653acd1d3690b8671de
    Size: 48.88 MB
  11. kernel-debug-modules-extra-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 75c007014ba2e59008913d419ed5a698
    SHA-256: 8a49e7264b5fd8cf03e8c70ab9555f368f48e957500ad999cf16ebbce0fea0dd
    Size: 2.54 MB
  12. kernel-debug-uki-virt-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 0eca377ece84181a86b6e39434fdad12
    SHA-256: 5cb5976db8e6bd26f3d893c5be78726d36f2e36bd97a1045a1ef6a93bd57bb10
    Size: 84.29 MB
  13. kernel-devel-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 7cbb920164798934afde265322a07e75
    SHA-256: d4ea9744ae3296d21ae49eaca0e610ee564a4568e74be302ad037ea4e5da6570
    Size: 21.58 MB
  14. kernel-devel-matched-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 18180689a1221463ba8ee5051e390d78
    SHA-256: 2cca04d9fced7e9f13b6f66f955181c7671c76de1a18f6c5709413638cc5dbdd
    Size: 1.77 MB
  15. kernel-doc-5.14.0-570.17.1.el9_6.noarch.rpm
    MD5: 1afb8506f8edd342666b400deaa82f47
    SHA-256: f9feda7436caca6830be5c1f292755581bb628681059c8181dcc4066886485c6
    Size: 37.90 MB
  16. kernel-headers-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 05455da56e37d9a3e27feaf61443074a
    SHA-256: cacb2b0333e2841aeb0425ab8df247fd218dbe20715cd9295c0bb5d03e7aac57
    Size: 3.51 MB
  17. kernel-modules-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: db5fb8fcbe33791a45a2170deda63cf4
    SHA-256: 39e49e8d60d9204aed0460b50dc5ca86d5423add55bcb1fb5ed9508d7e53f83e
    Size: 38.74 MB
  18. kernel-modules-core-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 30eeef9475266214d3cb6f2ee29347bb
    SHA-256: a49c1c02b20bb0ce6101cc1b4405ee51cf11dee30041147645d532108e40e096
    Size: 30.85 MB
  19. kernel-modules-extra-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 79cd4f1a52b727ac9bad986cba05e1bb
    SHA-256: d933537cc8729122d5297df313cec7200fcdb45027078274b50f0997e98a6726
    Size: 2.19 MB
  20. kernel-rt-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: f1ad889f1437db379f260bb2dfc4ef31
    SHA-256: e51860ce8e3e25dd73e3f885daa4570c3c32d1f2f09b52c4934a18297f4558b0
    Size: 1.77 MB
  21. kernel-rt-core-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 4a3d3b07303597b3a1a8aec598b3a79d
    SHA-256: 7681d035ea39d5e37c20d6dd9dd6beb73e504f50fb31c3f744c1a56dc8501019
    Size: 17.73 MB
  22. kernel-rt-debug-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 27ba1fe36a803b86444f4df0d870c920
    SHA-256: 8d358a6833f3ae408bb7265e85d0d7dc4e386b6723eb4e40cefa815131325d8c
    Size: 1.77 MB
  23. kernel-rt-debug-core-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 240c86f2a19efb65f0f48525d2265eb3
    SHA-256: efe2c70a29895e4a800497156daed2ab639bef3c08bf5f95360b3eadbbd9c62f
    Size: 19.13 MB
  24. kernel-rt-debug-devel-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: c9f998ac8378a5a61399070ec5aa9e40
    SHA-256: a10013dcbf23956c8f15be2a09372ad7988eedaaf82f02d9842b623252c4b2da
    Size: 21.71 MB
  25. kernel-rt-debug-kvm-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: d20b98ee114d4691fee76fd138d1940e
    SHA-256: ae53516f70cd153abc87c727c90bc8d961ec2b7416b2d226cac0ac75d1c99b81
    Size: 2.50 MB
  26. kernel-rt-debug-modules-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 6c5370a58b9b6f9203cd017bf8aa28a4
    SHA-256: ce4573c1b5c3d1a1eda6494b04b3fe13cb9a302887530af576aaedee605ae2ef
    Size: 40.14 MB
  27. kernel-rt-debug-modules-core-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 97d0004aeecffbc5ecde044974b90915
    SHA-256: c42098d06d23bf5ceb9d5a217a5b70905ec7617da8913c2c2154f8b422b9bceb
    Size: 31.27 MB
  28. kernel-rt-debug-modules-extra-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: fd0d6e0ef7fb5e3cb848344309beeffe
    SHA-256: 1e1295f1bf3be61fe5286e54e620042dd96b71bf7c2d149f3e22c2a7d7d68917
    Size: 2.22 MB
  29. kernel-rt-devel-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 81c7f98f6f409a74e0c53886b42ee40f
    SHA-256: eb767baf49e66bd1d332f5efad805edf877b8f344b27b16ce269f5e15d827225
    Size: 21.56 MB
  30. kernel-rt-kvm-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 1876267faca189805136a9b95d8e11cb
    SHA-256: ea8a1fe4d9afff1743f69727cf05af7e630b50dea97a93bd155973c941fadd48
    Size: 2.46 MB
  31. kernel-rt-modules-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: ce5a328d7e7f71d2275e79f022c4de98
    SHA-256: 265e5e749a34b0549b15df3ecb32e27d29db63037214b091b2c538d8877895b8
    Size: 38.74 MB
  32. kernel-rt-modules-core-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 289f6e8783da5b11e3943cb8b060d363
    SHA-256: 476c9b8610dd2e11915494497eca89c0d13292f66c3672382bd0c81e51aecf51
    Size: 30.23 MB
  33. kernel-rt-modules-extra-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: b3d1788f38e22371fa96f6d0dac1df55
    SHA-256: b3cb5be8e34731b8905fe07cd8f45676a1ca8aecd667214be9f92a297612f9ea
    Size: 2.19 MB
  34. kernel-tools-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: d228df118115bbd685bad16db4c80edf
    SHA-256: 092e707d9b899e65a59249b95d00be0a83b5665f4ca7c946763a13cbde628bb4
    Size: 2.05 MB
  35. kernel-tools-libs-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 9996bd0889fbcbf45606f8d65bb4d2e8
    SHA-256: 460a823c84224432cb23f6aeb3b3b062b008c3b01433b8cf085b05713ac84eb7
    Size: 1.78 MB
  36. kernel-tools-libs-devel-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: f0bf93cef57ad530d55620bc6cc1720b
    SHA-256: cda42c45dbaffa7f18840d065c3ed59d58fc7a8d54e673aa9654be9fe5a5effc
    Size: 1.77 MB
  37. kernel-uki-virt-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 7485ecbab2013a4e939c2976b3a1fa17
    SHA-256: 13b27b8a84b0387745d50cc7d9702e3ed5957178c055c08b0aef56ef08e7c840
    Size: 62.94 MB
  38. kernel-uki-virt-addons-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 943db772cbf0c6f00468b6dd0363507c
    SHA-256: 6f6182d5943b5f443a551e8b9cfd516f99880873f62c59819732a1c1eed2dd7b
    Size: 1.79 MB
  39. libperf-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 004066451c72615d13d730f7772e6106
    SHA-256: 87eb523e8e3617c791cc36ceddcf6a559c1135603ba387d1555e9a3039843c28
    Size: 1.79 MB
  40. perf-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: bca531193b2e661a21150794c30e2c4b
    SHA-256: 6be08aab62e3c5c024b23f21d78a2ae57f2e059ff2bbef97784440faf7d86bf1
    Size: 4.00 MB
  41. python3-perf-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: f5f435b2b8b613999b003f3718a179aa
    SHA-256: df21657a1165012913913bd992703a4cd84c7e11d6506bf54413bf95df3586d8
    Size: 3.17 MB
  42. rtla-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: 90d454cbe3f2b74cbdcd2ce4fe582103
    SHA-256: 4fecb7dbf939cae100ca4d5774a961ac411ef87734b8b2068f8a4b48a7d8020a
    Size: 1.83 MB
  43. rv-5.14.0-570.17.1.el9_6.x86_64.rpm
    MD5: c5233e85098b4d491da2ac1c92ee968a
    SHA-256: 6ce746841d1f058c3746470fb6d5e25f612ef10ecfa740cde343def2448e3b7d
    Size: 1.78 MB