kernel-4.18.0-553.78.1.el8_10
エラータID: AXSA:2025-10963:77
リリース日:
2025/10/16 Thursday - 09:40
題名:
kernel-4.18.0-553.78.1.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- kernel の cifs の実装には、メモリ領域の解放後利用の問題が
あるため、ローカルの攻撃者により、情報の漏洩、データ破壊、および
サービス拒否攻撃を可能とする脆弱性が存在します。(CVE-2025-38527)
- kernel の NFS 実装の fs/nfs/export.c の nfs_fh_to_dentry()
関数には、ファイルハンドル長のチェック処理の不備に欠落に起因した
メモリ領域の範囲外読み取りの問題があるため、リモートの攻撃者により、
サービス拒否攻撃を可能とする脆弱性が存在します。(CVE-2025-39730)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-38527
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifs_oplock_break A race condition can occur in cifs_oplock_break() leading to a use-after-free of the cinode structure when unmounting: cifs_oplock_break() _cifsFileInfo_put(cfile) cifsFileInfo_put_final() cifs_sb_deactive() [last ref, start releasing sb] kill_sb() kill_anon_super() generic_shutdown_super() evict_inodes() dispose_list() evict() destroy_inode() call_rcu(&inode->i_rcu, i_callback) spin_lock(&cinode->open_file_lock) <- OK [later] i_callback() cifs_free_inode() kmem_cache_free(cinode) spin_unlock(&cinode->open_file_lock) <- UAF cifs_done_oplock_break(cinode) <- UAF The issue occurs when umount has already released its reference to the superblock. When _cifsFileInfo_put() calls cifs_sb_deactive(), this releases the last reference, triggering the immediate cleanup of all inodes under RCU. However, cifs_oplock_break() continues to access the cinode after this point, resulting in use-after-free. Fix this by holding an extra reference to the superblock during the entire oplock break operation. This ensures that the superblock and its inodes remain valid until the oplock break completes.
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifs_oplock_break A race condition can occur in cifs_oplock_break() leading to a use-after-free of the cinode structure when unmounting: cifs_oplock_break() _cifsFileInfo_put(cfile) cifsFileInfo_put_final() cifs_sb_deactive() [last ref, start releasing sb] kill_sb() kill_anon_super() generic_shutdown_super() evict_inodes() dispose_list() evict() destroy_inode() call_rcu(&inode->i_rcu, i_callback) spin_lock(&cinode->open_file_lock) <- OK [later] i_callback() cifs_free_inode() kmem_cache_free(cinode) spin_unlock(&cinode->open_file_lock) <- UAF cifs_done_oplock_break(cinode) <- UAF The issue occurs when umount has already released its reference to the superblock. When _cifsFileInfo_put() calls cifs_sb_deactive(), this releases the last reference, triggering the immediate cleanup of all inodes under RCU. However, cifs_oplock_break() continues to access the cinode after this point, resulting in use-after-free. Fix this by holding an extra reference to the superblock during the entire oplock break operation. This ensures that the superblock and its inodes remain valid until the oplock break completes.
CVE-2025-39730
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can access the embedded filehandle.
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can access the embedded filehandle.
追加情報:
N/A
ダウンロード:
SRPMS
- kernel-4.18.0-553.78.1.el8_10.src.rpm
MD5: 83c40d0f4cbeb08a59ce4d6112891c8e
SHA-256: 886067729b383a1bbd15d3435dbb323674162119aebc9b698d1d1ab913cde87f
Size: 132.27 MB
Asianux Server 8 for x86_64
- bpftool-4.18.0-553.78.1.el8_10.x86_64.rpm
MD5: d560225def9de4654878ec790833b507
SHA-256: c5bcadc206e3c35c020f433ea122ea9889342e2a36c3b156503fd52695c8bc40
Size: 11.24 MB - kernel-4.18.0-553.78.1.el8_10.x86_64.rpm
MD5: 2ab3a1570c1f0eee1a36da8cb7975b4b
SHA-256: 1894eb66cc1952466fad6b47720a09267b1d643267b66c581db51c85aa597429
Size: 10.51 MB - kernel-abi-stablelists-4.18.0-553.78.1.el8_10.noarch.rpm
MD5: 7c30a4120487e36756f6c2ca103e1d9c
SHA-256: 7aefc707d0fb9c46260ad639b223902acfa138a03c1b8d72f8a8f48dc0f67c02
Size: 10.53 MB - kernel-core-4.18.0-553.78.1.el8_10.x86_64.rpm
MD5: 969ff4db36dfbec35d476d3c4a219e97
SHA-256: 807e23291102c9efbd3cca818e16ea0e431182034b405243b01bcbf311a9cdba
Size: 43.54 MB - kernel-cross-headers-4.18.0-553.78.1.el8_10.x86_64.rpm
MD5: 5e547023bbfe9fbf363b2e4a1046ca21
SHA-256: ad501f04d4cf173f707a857651d1372983cad262b3536db9645765babdfbfa10
Size: 15.86 MB - kernel-debug-4.18.0-553.78.1.el8_10.x86_64.rpm
MD5: 6409738a4f818ef39f043da1f79af793
SHA-256: 44862315aaaef91373b380a9d83ee2ce41240ccd3b6c697f32e51fcb9dfc470e
Size: 10.51 MB - kernel-debug-core-4.18.0-553.78.1.el8_10.x86_64.rpm
MD5: 5efaf376c69a9cb8db6c90d2baf07257
SHA-256: d58375721239c2daa840ec4f5b9520f4d3e3b157118c2663039a97c70089b67c
Size: 72.82 MB - kernel-debug-devel-4.18.0-553.78.1.el8_10.x86_64.rpm
MD5: 31574919d7bc7f270c8c30ff5a1d9cc8
SHA-256: 110f29962c883401bf1d06c8125ff1ea46c19e17f4b3fa5b62d397411f01866f
Size: 24.35 MB - kernel-debug-modules-4.18.0-553.78.1.el8_10.x86_64.rpm
MD5: 74b8551c72d166f13d63781c9d15b11d
SHA-256: 8bf8fac8b020a30f66eb9676ab5f73648c3cc4628dc2b789da47cd0d51c22a0a
Size: 65.96 MB - kernel-debug-modules-extra-4.18.0-553.78.1.el8_10.x86_64.rpm
MD5: 9e98bfa51d5bd20fb845e2628e2e73c7
SHA-256: 784cfb386ab2a9f3c46ce61e60b6b80b6430d1dd2f2295ac1470d8a1bab88777
Size: 11.89 MB - kernel-devel-4.18.0-553.78.1.el8_10.x86_64.rpm
MD5: d9876aa7467d649c692bb47d2002e2b0
SHA-256: e925e080f65157b60193ede24648b96bb513e4b59538af4c13fc383703653574
Size: 24.15 MB - kernel-doc-4.18.0-553.78.1.el8_10.noarch.rpm
MD5: b29f1f63d5115972b35f0029e6c612f5
SHA-256: b87e28013ea996446ecd7be36a5580eaa11e51694f36003711748dc7c4a25343
Size: 28.37 MB - kernel-headers-4.18.0-553.78.1.el8_10.x86_64.rpm
MD5: e7a47eba3eade4d56b0e7943d0faa06b
SHA-256: d48dd7854ea990cefe5712c9c68f7043f97257a84e7e5f37f963e75a73ed4987
Size: 11.86 MB - kernel-modules-4.18.0-553.78.1.el8_10.x86_64.rpm
MD5: aab036467d2e6dd67f8ef80a618b711d
SHA-256: 6f8b4390cc56aa489513f16cc07ecda79fdf2b21144cb22cc9874969d2379916
Size: 36.34 MB - kernel-modules-extra-4.18.0-553.78.1.el8_10.x86_64.rpm
MD5: 7896309791c37d5600fcf5381985a009
SHA-256: e682fa8a2c448d993d44e9a5abb1c300ae0b1ff54348008b1d3427b03ecc270a
Size: 11.20 MB - kernel-tools-4.18.0-553.78.1.el8_10.x86_64.rpm
MD5: 8661ea186331dfe318097ac866643140
SHA-256: b1334cc91a925b3a5dd025e948583346aa6e31c525a38a1bafaf5898cbb70968
Size: 10.73 MB - kernel-tools-libs-4.18.0-553.78.1.el8_10.x86_64.rpm
MD5: 49290b81127cfe5610bcdbbf93d2c7ed
SHA-256: 3b0caad65e4b9bf24a6f843b2b5880e3cf1e8668e3eaec74b131f857f712d6ff
Size: 10.52 MB - kernel-tools-libs-devel-4.18.0-553.78.1.el8_10.x86_64.rpm
MD5: be3c3c603336c43efda73adb16597fa2
SHA-256: 91c2a7fbe90434a6dc84352f39e1528cc5842a7fee18fc7f1d0347c7e49a1776
Size: 10.51 MB - perf-4.18.0-553.78.1.el8_10.x86_64.rpm
MD5: 5b211e0a3f7c410c58e1f9c65b99a0ed
SHA-256: cba70581512c633493562ae4a7afe424d14c580c075facb74adfe8c9f534792d
Size: 12.83 MB - python3-perf-4.18.0-553.78.1.el8_10.x86_64.rpm
MD5: 110b25b112739c902b1c87936075ed7c
SHA-256: 434aafffdd594684413ae3d610149d4b578f61454e2e82d3ee29f39c53311a14
Size: 10.64 MB
English