kernel-5.14.0-570.37.1.el9_6

エラータID: AXSA:2025-10828:63

リリース日: 
2025/09/04 Thursday - 10:14
題名: 
kernel-5.14.0-570.37.1.el9_6
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- kernel の UDP の実装には、整数オーバーフローの問題があるため、
ローカルの攻撃者により、情報の漏洩、およびサービス拒否攻撃を可能
とする脆弱性が存在します。(CVE-2025-22058)

- kernel のネットワークスケジューラの実装には、メモリ領域の
解放後利用の問題があるため、ローカルの攻撃者により、情報の漏洩、
データ破壊、およびサービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2025-37914)

- kernel の ice ドライバには、ローカルの攻撃者により、サービス
拒否攻撃を可能とする脆弱性が存在します。(CVE-2025-38417)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2025-22058
In the Linux kernel, the following vulnerability has been resolved: udp: Fix memory accounting leak. Matt Dowling reported a weird UDP memory usage issue. Under normal operation, the UDP memory usage reported in /proc/net/sockstat remains close to zero. However, it occasionally spiked to 524,288 pages and never dropped. Moreover, the value doubled when the application was terminated. Finally, it caused intermittent packet drops. We can reproduce the issue with the script below [0]: 1. /proc/net/sockstat reports 0 pages # cat /proc/net/sockstat | grep UDP: UDP: inuse 1 mem 0 2. Run the script till the report reaches 524,288 # python3 test.py & sleep 5 # cat /proc/net/sockstat | grep UDP: UDP: inuse 3 mem 524288 <-- (INT_MAX + 1) >> PAGE_SHIFT 3. Kill the socket and confirm the number never drops # pkill python3 && sleep 5 # cat /proc/net/sockstat | grep UDP: UDP: inuse 1 mem 524288 4. (necessary since v6.0) Trigger proto_memory_pcpu_drain() # python3 test.py & sleep 1 && pkill python3 5. The number doubles # cat /proc/net/sockstat | grep UDP: UDP: inuse 1 mem 1048577 The application set INT_MAX to SO_RCVBUF, which triggered an integer overflow in udp_rmem_release(). When a socket is close()d, udp_destruct_common() purges its receive queue and sums up skb->truesize in the queue. This total is calculated and stored in a local unsigned integer variable. The total size is then passed to udp_rmem_release() to adjust memory accounting. However, because the function takes a signed integer argument, the total size can wrap around, causing an overflow. Then, the released amount is calculated as follows: 1) Add size to sk->sk_forward_alloc. 2) Round down sk->sk_forward_alloc to the nearest lower multiple of PAGE_SIZE and assign it to amount. 3) Subtract amount from sk->sk_forward_alloc. 4) Pass amount >> PAGE_SHIFT to __sk_mem_reduce_allocated(). When the issue occurred, the total in udp_destruct_common() was 2147484480 (INT_MAX + 833), which was cast to -2147482816 in udp_rmem_release(). At 1) sk->sk_forward_alloc is changed from 3264 to -2147479552, and 2) sets -2147479552 to amount. 3) reverts the wraparound, so we don't see a warning in inet_sock_destruct(). However, udp_memory_allocated ends up doubling at 4). Since commit 3cd3399dd7a8 ("net: implement per-cpu reserves for memory_allocated"), memory usage no longer doubles immediately after a socket is close()d because __sk_mem_reduce_allocated() caches the amount in udp_memory_per_cpu_fw_alloc. However, the next time a UDP socket receives a packet, the subtraction takes effect, causing UDP memory usage to double. This issue makes further memory allocation fail once the socket's sk->sk_rmem_alloc exceeds net.ipv4.udp_rmem_min, resulting in packet drops. To prevent this issue, let's use unsigned int for the calculation and call sk_forward_alloc_add() only once for the small delta. Note that first_packet_length() also potentially has the same problem. [0]: from socket import * SO_RCVBUFFORCE = 33 INT_MAX = (2 ** 31) - 1 s = socket(AF_INET, SOCK_DGRAM) s.bind(('', 0)) s.setsockopt(SOL_SOCKET, SO_RCVBUFFORCE, INT_MAX) c = socket(AF_INET, SOCK_DGRAM) c.connect(s.getsockname()) data = b'a' * 100 while True: c.send(data)
CVE-2025-37914
In the Linux kernel, the following vulnerability has been resolved: net_sched: ets: Fix double list add in class with netem as child qdisc As described in Gerrard's report [1], there are use cases where a netem child qdisc will make the parent qdisc's enqueue callback reentrant. In the case of ets, there won't be a UAF, but the code will add the same classifier to the list twice, which will cause memory corruption. In addition to checking for qlen being zero, this patch checks whether the class was already added to the active_list (cl_is_active) before doing the addition to cater for the reentrant case. [1] https://lore.kernel.org/netdev/CAHcdcOm+03OD2j6R0=YHKqmy=VgJ8xEOKuP6c7mSgnp-TEJJbw@mail.gmail.com/
CVE-2025-38417
In the Linux kernel, the following vulnerability has been resolved: ice: fix eswitch code memory leak in reset scenario Add simple eswitch mode checker in attaching VF procedure and allocate required port representor memory structures only in switchdev mode. The reset flows triggers VF (if present) detach/attach procedure. It might involve VF port representor(s) re-creation if the device is configured is switchdev mode (not legacy one). The memory was blindly allocated in current implementation, regardless of the mode and not freed if in legacy mode. Kmemeleak trace: unreferenced object (percpu) 0x7e3bce5b888458 (size 40): comm "bash", pid 1784, jiffies 4295743894 hex dump (first 32 bytes on cpu 45): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 0): pcpu_alloc_noprof+0x4c4/0x7c0 ice_repr_create+0x66/0x130 [ice] ice_repr_create_vf+0x22/0x70 [ice] ice_eswitch_attach_vf+0x1b/0xa0 [ice] ice_reset_all_vfs+0x1dd/0x2f0 [ice] ice_pci_err_resume+0x3b/0xb0 [ice] pci_reset_function+0x8f/0x120 reset_store+0x56/0xa0 kernfs_fop_write_iter+0x120/0x1b0 vfs_write+0x31c/0x430 ksys_write+0x61/0xd0 do_syscall_64+0x5b/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e Testing hints (ethX is PF netdev): - create at least one VF echo 1 > /sys/class/net/ethX/device/sriov_numvfs - trigger the reset echo 1 > /sys/class/net/ethX/device/reset
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. kernel-5.14.0-570.37.1.el9_6.src.rpm
    MD5: 175271c9dc638bd8da3a907e71aaa246
    SHA-256: 155959eba56c5d19fb3d22920d193d793600ec3f623ce0614ac9c7d354460ff1
    Size: 142.51 MB

Asianux Server 9 for x86_64
  1. kernel-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 8726cbaa03943bdbb67ad0c6ed64b400
    SHA-256: cb232fd777d2dbc86f4f03fcaf7c9788c604b4dced2cef763bb11c0c581e5ee1
    Size: 1.79 MB
  2. kernel-abi-stablelists-5.14.0-570.37.1.el9_6.noarch.rpm
    MD5: 6426bafb269e2321297ab3a5939aa50a
    SHA-256: fbb579f0de2ff7092a49ef29c5fe1560268689f7e6b4a49bdb617cb018d412af
    Size: 1.82 MB
  3. kernel-core-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 5600f4fb0b4adab2133dab2ebb712265
    SHA-256: 17933d6bd2dc6e624472c408caf63d7a7067162ce1070be805357b62ff226e7d
    Size: 17.87 MB
  4. kernel-cross-headers-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: bb03f8c4725a781f54b95d4c3f34f2f2
    SHA-256: cda06d11dfbe20fc68028edb7e3e343be57d2bd009e17b496d98a972a6b8ab2b
    Size: 8.66 MB
  5. kernel-debug-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 07b39167f7387af51362f7c88cc43834
    SHA-256: eefe524f685666e3d26c73fe76aac5127119c5a477ba833cf699380f8dc91fda
    Size: 1.79 MB
  6. kernel-debug-core-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 5dcbe15241b8700ec3497b457370bb5a
    SHA-256: d0cc2f349e6aed1d99c8f734a3b19de6590780c9763f16b58949e6d6c42891f5
    Size: 31.30 MB
  7. kernel-debug-devel-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 44825a41a0b6559368e39cd0c8bc80f0
    SHA-256: d3d858b39c11d0cc67f883324dca5423b24ded73e6c657efe38451ba7357122b
    Size: 21.79 MB
  8. kernel-debug-devel-matched-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 0f1659a55e45680eccaa74fb4a86c747
    SHA-256: 0a2770d7a2e2fbb583636d7ba1b9023a7555f0708229de5f481b6161a3af1cbe
    Size: 1.79 MB
  9. kernel-debug-modules-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: ab2347adb3a7cc5234f1f35d059a3ac0
    SHA-256: cee67ea36225e13cd68e6ff6a3c82cea781bb582022ffb35a991128845218b1b
    Size: 67.41 MB
  10. kernel-debug-modules-core-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 581de7ca6edc224204a17452afe287fd
    SHA-256: afc365b81fbc4df5c90cde49e6d899a780846d752d6b7d58eb00d6b7c30655dc
    Size: 48.91 MB
  11. kernel-debug-modules-extra-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 7bbe00d97ca19f9dfc7e461dee02d9cb
    SHA-256: 61058cf9e1bd02699ed48094719d02dcd1b7b1720ac242d0672fa6f68bdabce3
    Size: 2.57 MB
  12. kernel-debug-uki-virt-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 661a66f8c26a07672d83ca3c270d7e92
    SHA-256: c8a8152546cbcac44ffc58c7029d743daa15e1dca30c3596c23a743df423490e
    Size: 84.36 MB
  13. kernel-devel-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: bf3052dd3e60ad2b5e96aa372af39a88
    SHA-256: 536b48ab759a169166c9250cc16ed90005278fe7e4f2b912d81d4f15aa54a66f
    Size: 21.61 MB
  14. kernel-devel-matched-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 96c0b596b46be93a5c916dd035357333
    SHA-256: af4c1b9b1584b172a093f12390606225a4a2bf5f7cda07adb58fa59fd3a24309
    Size: 1.79 MB
  15. kernel-doc-5.14.0-570.37.1.el9_6.noarch.rpm
    MD5: 48df2581a8923f454e38059d1332e671
    SHA-256: e95bf2d6bb57d3df28ea774b954d9d046ee4c52211427a1610bd7d241e65a3e8
    Size: 37.94 MB
  16. kernel-headers-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 709605577075fd306b921fece4bc3699
    SHA-256: 1b306a531238e0bfd8340588e2eb6b1b9919cfaf6e5b607df15e307afc339425
    Size: 3.53 MB
  17. kernel-modules-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 83d8909737351b4fb6c90366a24a7b65
    SHA-256: d14000219e8c6150208b5d0fd6a8b73ab1e67f3283ccb17f903ffdffca0a30cd
    Size: 38.97 MB
  18. kernel-modules-core-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 5f63f498204871348b3481d0247ab650
    SHA-256: 907d137e58b432e1b0539962f7e88b939b8c8b69ddd5cc475f6a8a8d2a9eeee0
    Size: 30.89 MB
  19. kernel-modules-extra-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 601018c346950601f7fe351bd73627e7
    SHA-256: 3fd4f8a670b56546307140c4f146706c366df8d71decf8e8ea73b5cb4f051387
    Size: 2.21 MB
  20. kernel-rt-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 6cdb7fd29d37fdfb758091219c7d4f30
    SHA-256: e97451c6a4eb4f708cffeb02e80abeba8731755f9b22463ab2581023c1e5795b
    Size: 1.79 MB
  21. kernel-rt-core-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: c4486213630d814f333b6439183c7031
    SHA-256: 5bd5c4eca038d3603f54cea0a20b502ad1dc1d193921c55aabe2ce10ec4a195f
    Size: 17.76 MB
  22. kernel-rt-debug-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 93eeb41e6854e4cd96a57fe467a6a996
    SHA-256: 270ba0437ec4f19e67b70d34040a9c4d5b85f4f3223d1373507147c9a30d2043
    Size: 1.79 MB
  23. kernel-rt-debug-core-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 80d272656dae25413e471c4a052c05df
    SHA-256: f7b1acb05375ebc583f734e5855323873bfdc34c89fcea77f153e9c2db19304f
    Size: 19.17 MB
  24. kernel-rt-debug-devel-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: a6214aa776cf7d43d5b9c768bec6753e
    SHA-256: cb1e403e304dd38c7d43dc6ea80f83a0c54f7a20ebe77c68ba47ffc2591773ad
    Size: 21.74 MB
  25. kernel-rt-debug-modules-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: df714719917d4dcfcbcf4812e57ff183
    SHA-256: b9da99b68b0751154a17aa7f3c8dc6663044c1057b36d63db52de5451dbb7887
    Size: 40.37 MB
  26. kernel-rt-debug-modules-core-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 8f6d0752470128095bf495974474ed0f
    SHA-256: 7340d3f39d63bba30616d4890156f86a93c29841b20cc47bdd21a1fb586300cf
    Size: 31.31 MB
  27. kernel-rt-debug-modules-extra-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 36e99b5903ae9586944e5576a53fee8c
    SHA-256: 531962330f6eb4793d00ee06c5c6f74f41b55fc659fcf70daed94fbc8b820020
    Size: 2.24 MB
  28. kernel-rt-devel-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 81d11427a86ac4ce788713a751f13952
    SHA-256: 53aaa403ec8feacd1c1b2051edc411b80b00f0e35cc034f3c79d5cd878f6a5a4
    Size: 21.59 MB
  29. kernel-rt-modules-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: f62551d345c28b5c01a6318e27d6191c
    SHA-256: c44346575d13992fe1bc18d47a82e868d4b533fe824f3b5332beb886ac505eb5
    Size: 38.97 MB
  30. kernel-rt-modules-core-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 757c6e73177d22b60bf0b683c8134c3b
    SHA-256: a47fc6bff21e91aa005e729a28912ddf6a1aeb78d842b273e5edd734701ddfd9
    Size: 30.26 MB
  31. kernel-rt-modules-extra-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 25f42373c1f218a01fb7e4b4d258dbf0
    SHA-256: da73abb32d20d6c8ef99873a7a481230533f42d81b4baeb5a99a4f56c23987f9
    Size: 2.22 MB
  32. kernel-tools-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: fceda14ed48857cd6a3eddc0d22b11dd
    SHA-256: 44fc9fd0eddeefc0fdcb010ced7e2a68cba9031aa645191bbfa91a4c10cd413a
    Size: 2.07 MB
  33. kernel-tools-libs-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: b74cb5c4ddd0ec699dbdbed464f4b419
    SHA-256: 1278326b379b7a30db8adc0e154823190fd32ffd6a16b4761d7526eda905cb43
    Size: 1.81 MB
  34. kernel-tools-libs-devel-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 8446389d7ead252302fd35c137da0138
    SHA-256: f6f78716242dbb5fa49b4d84e40d5244c5ba7e183772a4bf5d668806fc4a4f74
    Size: 1.80 MB
  35. kernel-uki-virt-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 15f9c081262f9b47d197b78631e77591
    SHA-256: f8352e3a3b78d4bc1df7ddac11602c50eda7a4d8a7ca9bf51731ba760b920be6
    Size: 63.02 MB
  36. kernel-uki-virt-addons-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 52ebe3caa0f301a9d3535face678f5aa
    SHA-256: 33a25b52f6f814e5c1526507daaeb550ce47d0b6f143763fc36b4a90fac12e0e
    Size: 1.81 MB
  37. libperf-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: f401ab63a0174a06e95e62b3e311a25f
    SHA-256: d2734c28507a007dcd26b7f82ebd84568c79558ffd60eaff580157d4d88925d5
    Size: 1.81 MB
  38. perf-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 5c2076e07e10468dac3ecbc81fc3f2f9
    SHA-256: 682bd56bd428898ba2853106e6740d910c577f028e506ca48b560c3f4b83918a
    Size: 4.02 MB
  39. python3-perf-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 019cad3bb328fa472ea7b9f43a2f198e
    SHA-256: b4cdfd54aea4f69abd869df3dd52ac569b278e39e9ebb1ebb4095aa31a8484b7
    Size: 3.20 MB
  40. rtla-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: cd056ebdac917131f32e4b38fca699e7
    SHA-256: 987b035f6b1c51f9ec879c85e11f1baee62a46df0e93416e9f3f57f831b33312
    Size: 1.85 MB
  41. rv-5.14.0-570.37.1.el9_6.x86_64.rpm
    MD5: 83252c69ad9a83c28f72369b6fc451ff
    SHA-256: d83836da79630b285ccc4b72524156af8c2658e753218d0013739571c14fb9c8
    Size: 1.81 MB