kernel-4.18.0-553.74.1.el8_10

エラータID: AXSA:2025-10841:67

リリース日: 
2025/09/11 Thursday - 17:56
題名: 
kernel-4.18.0-553.74.1.el8_10
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- kernel の BPF の実装には、メモリ領域の範囲外アクセスの問題が
あるため、ローカルの攻撃者により、情報の漏洩、データ破壊、および
サービス拒否攻撃を可能とする脆弱性が存在します。(CVE-2022-49985)

- kernel のスケジューラの実装には、メモリ領域の解放後利用、
および競合状態に至る問題があるため、ローカルの攻撃者により、
特権昇格、およびサービス拒否攻撃 (クラッシュの発生) を可能とする
脆弱性が存在します。(CVE-2025-38352)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2022-49985
In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnum_range on array range checking for poke descriptors Hsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which is based on a customized syzkaller: BUG: KASAN: slab-out-of-bounds in bpf_int_jit_compile+0x1257/0x13f0 Read of size 8 at addr ffff888004e90b58 by task syz-executor.0/1489 CPU: 1 PID: 1489 Comm: syz-executor.0 Not tainted 5.19.0 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: dump_stack_lvl+0x9c/0xc9 print_address_description.constprop.0+0x1f/0x1f0 ? bpf_int_jit_compile+0x1257/0x13f0 kasan_report.cold+0xeb/0x197 ? kvmalloc_node+0x170/0x200 ? bpf_int_jit_compile+0x1257/0x13f0 bpf_int_jit_compile+0x1257/0x13f0 ? arch_prepare_bpf_dispatcher+0xd0/0xd0 ? rcu_read_lock_sched_held+0x43/0x70 bpf_prog_select_runtime+0x3e8/0x640 ? bpf_obj_name_cpy+0x149/0x1b0 bpf_prog_load+0x102f/0x2220 ? __bpf_prog_put.constprop.0+0x220/0x220 ? find_held_lock+0x2c/0x110 ? __might_fault+0xd6/0x180 ? lock_downgrade+0x6e0/0x6e0 ? lock_is_held_type+0xa6/0x120 ? __might_fault+0x147/0x180 __sys_bpf+0x137b/0x6070 ? bpf_perf_link_attach+0x530/0x530 ? new_sync_read+0x600/0x600 ? __fget_files+0x255/0x450 ? lock_downgrade+0x6e0/0x6e0 ? fput+0x30/0x1a0 ? ksys_write+0x1a8/0x260 __x64_sys_bpf+0x7a/0xc0 ? syscall_enter_from_user_mode+0x21/0x70 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f917c4e2c2d The problem here is that a range of tnum_range(0, map->max_entries - 1) has limited ability to represent the concrete tight range with the tnum as the set of resulting states from value + mask can result in a superset of the actual intended range, and as such a tnum_in(range, reg->var_off) check may yield true when it shouldn't, for example tnum_range(0, 2) would result in 00XX -> v = 0000, m = 0011 such that the intended set of {0, 1, 2} is here represented by a less precise superset of {0, 1, 2, 3}. As the register is known const scalar, really just use the concrete reg->var_off.value for the upper index check.
CVE-2025-38352
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. kernel-4.18.0-553.74.1.el8_10.src.rpm
    MD5: 9356b545946e01ecd750224df51fb88f
    SHA-256: 7a0b92aa24f42233fa393600c3a97f9394fbf13d892bd9ee265232fae6b3e08d
    Size: 132.26 MB

Asianux Server 8 for x86_64
  1. bpftool-4.18.0-553.74.1.el8_10.x86_64.rpm
    MD5: 432509118d951531c52d37e588f54598
    SHA-256: a3837d76849c76832d560056baff8a63d6ef73bcae1840465d902d2707b5671e
    Size: 11.23 MB
  2. kernel-4.18.0-553.74.1.el8_10.x86_64.rpm
    MD5: 361c8c80855608d70d02fc06b30b4038
    SHA-256: f40337fab9ffc9b116ae12019305e6dd2518655bd738aabace423157715b0341
    Size: 10.51 MB
  3. kernel-abi-stablelists-4.18.0-553.74.1.el8_10.noarch.rpm
    MD5: 52d029a2cb1bae5341674d9e314d6479
    SHA-256: dcc9365f267fb0f356c8c90f05233f6cafdef70378ca58c34f8da70988b03b49
    Size: 10.53 MB
  4. kernel-core-4.18.0-553.74.1.el8_10.x86_64.rpm
    MD5: 4ca62fb614d17d3f96c2123e64de0349
    SHA-256: ca291c620272b0237ebfa6c3c28e94b34400f7fcd1e2ed02cf5d31524494f956
    Size: 43.54 MB
  5. kernel-cross-headers-4.18.0-553.74.1.el8_10.x86_64.rpm
    MD5: b2b787d6f432a63106375fc8d824b99c
    SHA-256: 80a9109f4b437f3bda8c2940c44a025716af39b2ceb1409eba06722351abca50
    Size: 15.85 MB
  6. kernel-debug-4.18.0-553.74.1.el8_10.x86_64.rpm
    MD5: b86d4da43f4a17d350911137ea8d8aee
    SHA-256: b1804e4b97eb7ee6c2c41a3923c10fa2ba8976db1c08e37b5140d6039e076970
    Size: 10.51 MB
  7. kernel-debug-core-4.18.0-553.74.1.el8_10.x86_64.rpm
    MD5: af67a7ce73600d000dc34c367f8a127c
    SHA-256: 88a09bc6fa05006126b472b5f793270ef7b89a714ca622f14eb21b96dd77da8a
    Size: 72.82 MB
  8. kernel-debug-devel-4.18.0-553.74.1.el8_10.x86_64.rpm
    MD5: 2c351ebb0de76190c5ca3adffd6fa001
    SHA-256: 626613436d9c025fb59da5ef317adc6cdd050893ae7de8c37450d2949d865c1e
    Size: 24.34 MB
  9. kernel-debug-modules-4.18.0-553.74.1.el8_10.x86_64.rpm
    MD5: b7886c76b5e18db69d5a43f27dfed941
    SHA-256: 069e14510332c3aed63ea07400f827fcb36ff42aff08274b92923e3733a8de4e
    Size: 65.93 MB
  10. kernel-debug-modules-extra-4.18.0-553.74.1.el8_10.x86_64.rpm
    MD5: 8da993baae31693a372ba8c2fa12dd80
    SHA-256: f3927e32ff48d595164a2e55007363acb50e591b207d169f2b0d6f82642e1a3c
    Size: 11.88 MB
  11. kernel-devel-4.18.0-553.74.1.el8_10.x86_64.rpm
    MD5: c78f38eed42a290fd363c66d0bad4b89
    SHA-256: 6a3169b9c3acd2b1290fc2be458b2a97356090d7139468d96127fdd29db233da
    Size: 24.14 MB
  12. kernel-doc-4.18.0-553.74.1.el8_10.noarch.rpm
    MD5: 740482cea2aaa0a5ae9659c79e26cd90
    SHA-256: cc96e985066baab684071b3e25a2433a493b87c86bc6d28bd4031c107822cce2
    Size: 28.37 MB
  13. kernel-headers-4.18.0-553.74.1.el8_10.x86_64.rpm
    MD5: ba56057b95cca7f0d5c1aedee3090c26
    SHA-256: c79a8175f329e85ca697eabdfa8a6e29d2d6ebf57755d0b698eb3b93e9902365
    Size: 11.86 MB
  14. kernel-modules-4.18.0-553.74.1.el8_10.x86_64.rpm
    MD5: a2a3a4b62d2db05aee16da1905bb814f
    SHA-256: e244acc6eb1fc379c27a20880dea1cb73b7caf00b39d770d3add28209418c2fd
    Size: 36.33 MB
  15. kernel-modules-extra-4.18.0-553.74.1.el8_10.x86_64.rpm
    MD5: 6e1940c1baca363b16d3dd7a9e881f0c
    SHA-256: 580eeddbb399c356a3be5b043860c56437a948ad706a018d3c1d0f23d9b8d481
    Size: 11.20 MB
  16. kernel-tools-4.18.0-553.74.1.el8_10.x86_64.rpm
    MD5: 0575d04d98d61189db1604a96ccceccf
    SHA-256: 01848595fd2dbdf2f1ecec1e946aed371ba01a7769f2086dac7b3f01e16a9d55
    Size: 10.73 MB
  17. kernel-tools-libs-4.18.0-553.74.1.el8_10.x86_64.rpm
    MD5: 47c1459bcea3704d5443100191977e8b
    SHA-256: 5aea712c6727a584b3a216c0aeb9a10ac30db238864b606e7b3f17026df58863
    Size: 10.52 MB
  18. kernel-tools-libs-devel-4.18.0-553.74.1.el8_10.x86_64.rpm
    MD5: 48b7761e1c79306a3b8544a472a286c3
    SHA-256: 1b43744178206afd0af38421c99de450f15149b5bfb54c10467f7af3350dd9c9
    Size: 10.51 MB
  19. perf-4.18.0-553.74.1.el8_10.x86_64.rpm
    MD5: f8cd2b048802533e1c46158258815b91
    SHA-256: efbab470bfc5622b67471cb7a8e3efe59833b168f8b1e8441902edbafff3ff93
    Size: 12.83 MB
  20. python3-perf-4.18.0-553.74.1.el8_10.x86_64.rpm
    MD5: 993c3b0b9e99992bfaff2f53f41b16bd
    SHA-256: 5735df9ba2ece38f0be23e28303c243f5064fc7cce328dd0ac0eb48b670e19d9
    Size: 10.63 MB