kernel-5.14.0-570.25.1.el9_6

エラータID: AXSA:2025-10697:52

リリース日: 
2025/08/06 Wednesday - 09:27
題名: 
kernel-5.14.0-570.25.1.el9_6
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- kernel の UDF ファイルシステムには、メモリ領域の範囲外書き込み
の問題があるため、ローカルの攻撃者により、データ破壊、および
サービス拒否攻撃を可能とする脆弱性が存在します。(CVE-2022-49846)

- kernel の IPv6 の実装には、メモリ領域の解放後利用の問題がある
ため、ローカルの攻撃者により、情報の漏洩、データ破壊、および
サービス拒否攻撃を可能とする脆弱性が存在します。(CVE-2025-21759)

- kernel の OverlayFS には、メモリ領域の解放後利用の問題がある
ため、ローカルの攻撃者により、情報の漏洩、およびサービス拒否攻撃
を可能とする脆弱性が存在します。(CVE-2025-21887)

- kernel の ATM の実装には、メモリ領域の解放後利用の問題がある
ため、ローカルの攻撃者により、情報の漏洩、データ破壊、および
サービス拒否攻撃を可能とする脆弱性が存在します。(CVE-2025-22004)

- kernel の vmxnet3 ドライバには、リモートの攻撃者により、情報の
漏洩を可能とする脆弱性が存在します。(CVE-2025-37799)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2022-49846
In the Linux kernel, the following vulnerability has been resolved: udf: Fix a slab-out-of-bounds write bug in udf_find_entry() Syzbot reported a slab-out-of-bounds Write bug: loop0: detected capacity change from 0 to 2048 ================================================================== BUG: KASAN: slab-out-of-bounds in udf_find_entry+0x8a5/0x14f0 fs/udf/namei.c:253 Write of size 105 at addr ffff8880123ff896 by task syz-executor323/3610 CPU: 0 PID: 3610 Comm: syz-executor323 Not tainted 6.1.0-rc2-syzkaller-00105-gb229b6ca5abb #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2022 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c:106 print_address_description+0x74/0x340 mm/kasan/report.c:284 print_report+0x107/0x1f0 mm/kasan/report.c:395 kasan_report+0xcd/0x100 mm/kasan/report.c:495 kasan_check_range+0x2a7/0x2e0 mm/kasan/generic.c:189 memcpy+0x3c/0x60 mm/kasan/shadow.c:66 udf_find_entry+0x8a5/0x14f0 fs/udf/namei.c:253 udf_lookup+0xef/0x340 fs/udf/namei.c:309 lookup_open fs/namei.c:3391 [inline] open_last_lookups fs/namei.c:3481 [inline] path_openat+0x10e6/0x2df0 fs/namei.c:3710 do_filp_open+0x264/0x4f0 fs/namei.c:3740 do_sys_openat2+0x124/0x4e0 fs/open.c:1310 do_sys_open fs/open.c:1326 [inline] __do_sys_creat fs/open.c:1402 [inline] __se_sys_creat fs/open.c:1396 [inline] __x64_sys_creat+0x11f/0x160 fs/open.c:1396 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7ffab0d164d9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffe1a7e6bb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffab0d164d9 RDX: 00007ffab0d164d9 RSI: 0000000000000000 RDI: 0000000020000180 RBP: 00007ffab0cd5a10 R08: 0000000000000000 R09: 0000000000000000 R10: 00005555573552c0 R11: 0000000000000246 R12: 00007ffab0cd5aa0 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Allocated by task 3610: kasan_save_stack mm/kasan/common.c:45 [inline] kasan_set_track+0x3d/0x60 mm/kasan/common.c:52 ____kasan_kmalloc mm/kasan/common.c:371 [inline] __kasan_kmalloc+0x97/0xb0 mm/kasan/common.c:380 kmalloc include/linux/slab.h:576 [inline] udf_find_entry+0x7b6/0x14f0 fs/udf/namei.c:243 udf_lookup+0xef/0x340 fs/udf/namei.c:309 lookup_open fs/namei.c:3391 [inline] open_last_lookups fs/namei.c:3481 [inline] path_openat+0x10e6/0x2df0 fs/namei.c:3710 do_filp_open+0x264/0x4f0 fs/namei.c:3740 do_sys_openat2+0x124/0x4e0 fs/open.c:1310 do_sys_open fs/open.c:1326 [inline] __do_sys_creat fs/open.c:1402 [inline] __se_sys_creat fs/open.c:1396 [inline] __x64_sys_creat+0x11f/0x160 fs/open.c:1396 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd The buggy address belongs to the object at ffff8880123ff800 which belongs to the cache kmalloc-256 of size 256 The buggy address is located 150 bytes inside of 256-byte region [ffff8880123ff800, ffff8880123ff900) The buggy address belongs to the physical page: page:ffffea000048ff80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x123fe head:ffffea000048ff80 order:1 compound_mapcount:0 compound_pincount:0 flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000010200 ffffea00004b8500 dead000000000003 ffff888012041b40 raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x0(), pid 1, tgid 1 (swapper/0), ts 1841222404, free_ts 0 create_dummy_stack mm/page_owner.c: ---truncated---
CVE-2025-21759
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6_send() igmp6_send() can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep. Instead use alloc_skb() and charge the net->ipv6.igmp_sk socket under RCU protection.
CVE-2025-21887
In the Linux kernel, the following vulnerability has been resolved: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up The issue was caused by dput(upper) being called before ovl_dentry_update_reval(), while upper->d_flags was still accessed in ovl_dentry_remote(). Move dput(upper) after its last use to prevent use-after-free. BUG: KASAN: slab-use-after-free in ovl_dentry_remote fs/overlayfs/util.c:162 [inline] BUG: KASAN: slab-use-after-free in ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc3/0x620 mm/kasan/report.c:488 kasan_report+0xd9/0x110 mm/kasan/report.c:601 ovl_dentry_remote fs/overlayfs/util.c:162 [inline] ovl_dentry_update_reval+0xd2/0xf0 fs/overlayfs/util.c:167 ovl_link_up fs/overlayfs/copy_up.c:610 [inline] ovl_copy_up_one+0x2105/0x3490 fs/overlayfs/copy_up.c:1170 ovl_copy_up_flags+0x18d/0x200 fs/overlayfs/copy_up.c:1223 ovl_rename+0x39e/0x18c0 fs/overlayfs/dir.c:1136 vfs_rename+0xf84/0x20a0 fs/namei.c:4893 ...
CVE-2025-22004
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling ->send() to avoid a use after free.
CVE-2025-37799
In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp vmxnet3 driver's XDP handling is buggy for packet sizes using ring0 (that is, packet sizes between 128 - 3k bytes). We noticed MTU-related connectivity issues with Cilium's service load- balancing in case of vmxnet3 as NIC underneath. A simple curl to a HTTP backend service where the XDP LB was doing IPIP encap led to overly large packet sizes but only for *some* of the packets (e.g. HTTP GET request) while others (e.g. the prior TCP 3WHS) looked completely fine on the wire. In fact, the pcap recording on the backend node actually revealed that the node with the XDP LB was leaking uninitialized kernel data onto the wire for the affected packets, for example, while the packets should have been 152 bytes their actual size was 1482 bytes, so the remainder after 152 bytes was padded with whatever other data was in that page at the time (e.g. we saw user/payload data from prior processed packets). We only noticed this through an MTU issue, e.g. when the XDP LB node and the backend node both had the same MTU (e.g. 1500) then the curl request got dropped on the backend node's NIC given the packet was too large even though the IPIP-encapped packet normally would never even come close to the MTU limit. Lowering the MTU on the XDP LB (e.g. 1480) allowed to let the curl request succeed (which also indicates that the kernel ignored the padding, and thus the issue wasn't very user-visible). Commit e127ce7699c1 ("vmxnet3: Fix missing reserved tailroom") was too eager to also switch xdp_prepare_buff() from rcd->len to rbi->len. It really needs to stick to rcd->len which is the actual packet length from the descriptor. The latter we also feed into vmxnet3_process_xdp_small(), by the way, and it indicates the correct length needed to initialize the xdp->{data,data_end} parts. For e127ce7699c1 ("vmxnet3: Fix missing reserved tailroom") the relevant part was adapting xdp_init_buff() to address the warning given the xdp_data_hard_end() depends on xdp->frame_sz. With that fixed, traffic on the wire looks good again.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. kernel-5.14.0-570.25.1.el9_6.src.rpm
    MD5: e3f08817585247d7d3ebfde57a1b3ca8
    SHA-256: 272a5bb062566d799cf3b9c24f6286783b5d1f84bbdb756f63ca22affa044e99
    Size: 142.49 MB

Asianux Server 9 for x86_64
  1. kernel-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: e13974bfa1f838d415e8e901303ee923
    SHA-256: 6f4a0388e840d76e2c007c81118b12bc7272587d038106e0f91e62995fe29490
    Size: 1.78 MB
  2. kernel-abi-stablelists-5.14.0-570.25.1.el9_6.noarch.rpm
    MD5: 63bff16d2ec9f7af1dfb9b7d4380c241
    SHA-256: 98e9f6ac86cb47d4210e647ab7361713a1fa16bbae0b4e30187fc599ad938aae
    Size: 1.80 MB
  3. kernel-core-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 5863e87cd5c65e55e5547b45352ef338
    SHA-256: 027ab6cfb9c7bfad341557e113f2146e0d96a92ac0bba10efd5a913308ed8d7f
    Size: 17.84 MB
  4. kernel-cross-headers-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 647d62d8e82de284fbdf7431ee3db4bc
    SHA-256: 78427431ca2b7c7c95fc7916d1d611a4ab3c7ee91e610e97e045437fb084bcca
    Size: 8.64 MB
  5. kernel-debug-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 23bed7a4fb7af5ba9fa664ef82d6e121
    SHA-256: d4b697fafe7f146ce96237f92f2409c27ba10ad0ef68b11f82674fa0a2b8cb31
    Size: 1.78 MB
  6. kernel-debug-core-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: d9d68bdc34c58d63d3588b7d81fae528
    SHA-256: e437dbe492e0063a5c042f4d62c74054fc169d00150fe67708a8f58c7a91340b
    Size: 31.28 MB
  7. kernel-debug-devel-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 179656cbb3749c621df0b830f6ebfea2
    SHA-256: 4755a0b7da69449f117482d7b0ebd60807fee3ce112e940b7bb21035a82fea23
    Size: 21.76 MB
  8. kernel-debug-devel-matched-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: a10b7d8337c405114304d0f4a09921f6
    SHA-256: 63c04ae4a7e7702698194c09cd314913c869fa19801b86c5f1959952e382ea4a
    Size: 1.78 MB
  9. kernel-debug-modules-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 7d2b5e1c37c2dfe80bbd017fbbcb40f5
    SHA-256: 2f09083ffa0375755ebba4ac33d9b5a4c8924c334343f1cd63b65e4e183f2327
    Size: 67.38 MB
  10. kernel-debug-modules-core-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 6e8013c3f1d9a2502b9882cbba3cb309
    SHA-256: 20f8ac53c88a01a68de5a60a3c8c9293de257e689653ca790dbcd61f9e0b9cae
    Size: 48.90 MB
  11. kernel-debug-modules-extra-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 7a0eb4ca2e08ebdb450fbdabc7c2d538
    SHA-256: 923394287d98c5d141df623a958d18054646eac83393d017124205592de72ab6
    Size: 2.55 MB
  12. kernel-debug-uki-virt-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: a34945c52c83d9196f0bf1a28fa68a40
    SHA-256: 5c972f7987375be1497eed2d010fcf514ab0e90999a988263fc08eff7b6f659a
    Size: 84.35 MB
  13. kernel-devel-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 7bf9b76a8c5726a5058a798f959979bf
    SHA-256: 2bf30b7008a2e98b1f16f41f4a6d03ab61fdf348687a7ed3ba136cd4da89998b
    Size: 21.59 MB
  14. kernel-devel-matched-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 07c0f22ceb4de662ece45ac3e0548b95
    SHA-256: f957bce5faa73597f3deaada4636c8fad53ee3e3f5a3c5c39daff66a2b3a9d0a
    Size: 1.78 MB
  15. kernel-doc-5.14.0-570.25.1.el9_6.noarch.rpm
    MD5: d5b7aa14570cb648b22af993ce66121c
    SHA-256: 12edf81ced07a933798fb934f5b69f9470b8aeedb0e1c3cd8b70590696937bd9
    Size: 37.91 MB
  16. kernel-headers-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: af28c6c14819248a85e75652e5a04e5b
    SHA-256: 170a2abbca08bef3e81a45693484319534cc502796148a042db493e287a2e7f7
    Size: 3.51 MB
  17. kernel-modules-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 8c9a54da32f30a05d65b6d3de1f1d199
    SHA-256: 92a1e4799da27dcbd79958261a7d068c428e7a3be7c2986d0af492b6f5922daf
    Size: 38.94 MB
  18. kernel-modules-core-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: ca1397b6033dd9f92f59d0f0c337340b
    SHA-256: 69543d6ab9b9ef18d0a550c799425306a2c369efc860c941cfd375d6af04aeb2
    Size: 30.87 MB
  19. kernel-modules-extra-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 77dea321e4d0a94b3d8e58b9935a88c6
    SHA-256: 2b763b088eaf07ad17938c00d997e335658059d6f3a20520193b1aaf713cd98f
    Size: 2.20 MB
  20. kernel-rt-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: b7324eea857b190d460c8f16fe4d99de
    SHA-256: 4e51a944cf73ccd7b037a8edc0f69cd79494086e742c4f5baac2e19f87168983
    Size: 1.78 MB
  21. kernel-rt-core-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 39584131a1768af401f3c6047372a1b4
    SHA-256: 3cfe6d08b9f262692c5671ef0e2e16e65aeedc1fc5ffe87699992d9cc80647c3
    Size: 17.74 MB
  22. kernel-rt-debug-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: af6d0a0c4fa6cc44ca463a1a7b2ff4a1
    SHA-256: 614525c3c99e22ceb2c28661cdfa27cf40d58823030067fb11201cd41bce540a
    Size: 1.78 MB
  23. kernel-rt-debug-core-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 3b5b76d892a06e4f5d59c00b6c4d8be5
    SHA-256: c06c18e15175f49a8093968b5648dadd25e7b6f99950da3af24e090f0f10172f
    Size: 19.14 MB
  24. kernel-rt-debug-devel-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: e0efe61412242001fcb69560df37ad2f
    SHA-256: 336835032f516d5e159f966017d2955fc3fa507eb7162ab18cd58fba4f76314c
    Size: 21.72 MB
  25. kernel-rt-debug-modules-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 811668d1c38caeb9bdbaa1ca5006dab0
    SHA-256: a5a4bf6b79918161348ec96253a978ef5ebd4ccc0408e276c8dd8d2d70e2a498
    Size: 40.34 MB
  26. kernel-rt-debug-modules-core-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 35cb37a4652e78fa88e4e95455635d4c
    SHA-256: 7bd2a54638e3d11e8344842f82ab60812055d91650ac2e9e527a2b6cde2b0a75
    Size: 31.30 MB
  27. kernel-rt-debug-modules-extra-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 4ad359f7ffcf38804561357237dc815c
    SHA-256: d25539ea8dfe817fee4c0f7dbb10e1aa2598ee25090f628034ca69b7f7ad10bc
    Size: 2.22 MB
  28. kernel-rt-devel-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 3ed3b147db3aeb8bc9136a686829b659
    SHA-256: c8a769d3108430ec78e47f3c5431f1df2914b391484ecd9fe39d9e0ef38ac599
    Size: 21.57 MB
  29. kernel-rt-modules-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 72857d60b535edac1aae92970bdaa422
    SHA-256: 5fc53820ac8c770fc65a80388de8d63697c6622f598385a2f32b0fbd001f0571
    Size: 38.97 MB
  30. kernel-rt-modules-core-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 6aa209de45fdd4d4297effd362329b17
    SHA-256: f5bcd962974613f66598e906aa78d58c57b2a300955a2d898bc624a5191f206e
    Size: 30.24 MB
  31. kernel-rt-modules-extra-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 9ab397e5378513099fc2158fac2aa478
    SHA-256: e249dba1cab9390996bfa20f71e420498c0496a885e81d305d8fe5fa64bc86e7
    Size: 2.20 MB
  32. kernel-tools-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: da2bda4d46a8c75dad885f525660862b
    SHA-256: db28f6fd9e46617ea1e868aaba10b54efd4f3ad43c989eaaad945437f78566b1
    Size: 2.06 MB
  33. kernel-tools-libs-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: a09046a48ef3300042793296b10a0d60
    SHA-256: 6905b47fc4420344f213ee7de17e14f12cf9e08152bc1c0dd9073baf0cd8219b
    Size: 1.79 MB
  34. kernel-tools-libs-devel-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: c5b407b6ce849c72b8c3af4a74b89005
    SHA-256: 4fcd40544ce2c5ded1bea3f9988cb5495bc1466f4d805379145c1e85c0693d43
    Size: 1.78 MB
  35. kernel-uki-virt-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 5929f942a2f0a73d2c31f23279ab7988
    SHA-256: b592c738492041ae1c69e878f10c732da8a831063b816ca549d176af9a66e0db
    Size: 62.99 MB
  36. kernel-uki-virt-addons-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 3f80411e2db70d3891925151cf965054
    SHA-256: 05c14e1a47c0dd6c538bc2d62c033dd702a67ee752e883106581549266fbdb80
    Size: 1.80 MB
  37. libperf-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: d0c826977029ae7e6a03f045515c7170
    SHA-256: 3ecca27ce8e48dc00f6fcf65fa25a095dcd7e40f4c13d3fe52d6dd69631afacd
    Size: 1.80 MB
  38. perf-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 74c49a0b8332c79f19b442ceb0046c66
    SHA-256: 335b91333c3ee951a4f3b0c692656bd994d422914760c339c56ad4e10c6c012f
    Size: 4.00 MB
  39. python3-perf-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 9900c196e86f3dccd24b2c88fbb160a5
    SHA-256: 45077744b39f03583e38f00b7fc480349ca41f6d852f813be33993d4a5955a3b
    Size: 3.18 MB
  40. rtla-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: f2347ac2258390ad4a1123f644d0498d
    SHA-256: 3247d86bcdf3f51df01e1e902d17c59abe7a2812e2594420b0866717f1cbcd27
    Size: 1.83 MB
  41. rv-5.14.0-570.25.1.el9_6.x86_64.rpm
    MD5: 7ba06f8b186dfd81584bd3ec89d4e16b
    SHA-256: 9f7f7b446c8bfc525f2cc2b7402b88655c8e2e9dc8e4a5ff8ad55e20ac48dd18
    Size: 1.79 MB