kernel-5.14.0-570.55.1.el9_6

エラータID: AXSA:2025-10993:82

リリース日: 
2025/10/28 Tuesday - 09:25
題名: 
kernel-5.14.0-570.55.1.el9_6
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

以下項目について対処しました。

[Security Fix]
- kernel の SCPI ドライバには、メモリ領域の解放後利用の問題が
あるため、ローカルの攻撃者により、情報の漏洩、データ破壊、および
サービス拒否攻撃を可能とする脆弱性が存在します。(CVE-2022-50087)

- kernel の NFSD の実装には、戻り値のチェック処理が欠落している
ため、ローカルの攻撃者により、情報の漏洩、およびサービス拒否攻撃
を可能とする脆弱性が存在します。(CVE-2025-22026)

- kernel の SunRPC の実装には、メモリ領域の解放後利用、および
不正なメモリアクセスの問題があるため、リモートの攻撃者により、
サービス拒否攻撃を可能とする脆弱性が存在します。(CVE-2025-38566)

- kernel の SunRPC の実装には、リモートの攻撃者により、サービス
拒否攻撃 (クラッシュの発生) を可能とする脆弱性が存在します。
(CVE-2025-38571)

- kernel の efivarfs の実装には、メモリ領域の範囲外読み取りの
問題があるため、ローカルの攻撃者により、情報の漏洩、データ破壊、
およびサービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2025-39817)

- kernel の SCSI ドライバには、メモリ領域の解放後利用の問題が
あるため、ローカルの攻撃者により、情報の漏洩、データ破壊、および
サービス拒否攻撃を可能とする脆弱性が存在します。(CVE-2025-39841)

- kernel の WiFi スタックの net/wireless/sme.c の
__cfg80211_connect_result() 関数には、SSID 長のチェック処理の
欠落に起因したメモリ領域の範囲外書き込みの問題があるため、WiFi
通信が可能範囲内にいる攻撃者により、細工された WiFi パケットの
送信を介して、情報の漏洩、データ破壊、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2025-39849)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2022-50087
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If it is not taken care, then it could result use-after-free as the value is exported via get_scpi_ops() and could refer to a memory allocated via devm_kzalloc() but freed when the probe fails.
CVE-2025-22026
In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svc_proc_register() Currently, nfsd_proc_stat_init() ignores the return value of svc_proc_register(). If the procfile creation fails, then the kernel will WARN when it tries to remove the entry later. Fix nfsd_proc_stat_init() to return the same type of pointer as svc_proc_register(), and fix up nfsd_net_init() to check that and fail the nfsd_net construction if it occurs. svc_proc_register() can fail if the dentry can't be allocated, or if an identical dentry already exists. The second case is pretty unlikely in the nfsd_net construction codepath, so if this happens, return -ENOMEM.
CVE-2025-38566
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec.. kTLS implementation splits TLS non-data record payload between the control message buffer (which includes the type such as TLS aler or TLS cipher change) and the rest of the payload (say TLS alert's level/description) which goes into the msg payload buffer. This patch proposes to rework how control messages are setup and used by sock_recvmsg(). If no control message structure is setup, kTLS layer will read and process TLS data record types. As soon as it encounters a TLS control message, it would return an error. At that point, NFS can setup a kvec backed msg buffer and read in the control message such as a TLS alert. Msg iterator can advance the kvec pointer as a part of the copy process thus we need to revert the iterator before calling into the tls_alert_recv.
CVE-2025-38571
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this patch proposes the rework how control messages are setup and used by sock_recvmsg(). If no control message structure is setup, kTLS layer will read and process TLS data record types. As soon as it encounters a TLS control message, it would return an error. At that point, NFS can setup a kvec backed control buffer and read in the control message such as a TLS alert. Scott found that a msg iterator can advance the kvec pointer as a part of the copy process thus we need to revert the iterator before calling into the tls_alert_recv.
CVE-2025-39817
In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Observed on kernel 6.6 (present on master as well): BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0 Call trace: kasan_check_range+0xe8/0x190 __asan_loadN+0x1c/0x28 memcmp+0x98/0xd0 efivarfs_d_compare+0x68/0xd8 __d_lookup_rcu_op_compare+0x178/0x218 __d_lookup_rcu+0x1f8/0x228 d_alloc_parallel+0x150/0x648 lookup_open.isra.0+0x5f0/0x8d0 open_last_lookups+0x264/0x828 path_openat+0x130/0x3f8 do_filp_open+0x114/0x248 do_sys_openat2+0x340/0x3c0 __arm64_sys_openat+0x120/0x1a0 If dentry->d_name.len < EFI_VARIABLE_GUID_LEN , 'guid' can become negative, leadings to oob. The issue can be triggered by parallel lookups using invalid filename: T1 T2 lookup_open ->lookup simple_lookup d_add // invalid dentry is added to hash list lookup_open d_alloc_parallel __d_lookup_rcu __d_lookup_rcu_op_compare hlist_bl_for_each_entry_rcu // invalid dentry can be retrieved ->d_compare efivarfs_d_compare // oob Fix it by checking 'guid' before cmp.
CVE-2025-39841
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only then cleared the context pointer under the lock. Concurrent paths (e.g., ABTS and the repost path) also inspect and release the same pointer under the lock, so the old order could lead to double-free/UAF. Note that the repost path already uses the correct pattern: detach the pointer under the lock, then free it after dropping the lock. The deferred path should do the same.
CVE-2025-39849
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) it would lead to memory corruption so add some bounds checking.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. kernel-5.14.0-570.55.1.el9_6.src.rpm
    MD5: fbfa5b90fc6007035eccbc58238f5045
    SHA-256: 602ebcc082d0c6acc7cf37c392f1fef77737b81568a4e33c3116a2b16b9e0e75
    Size: 142.61 MB

Asianux Server 9 for x86_64
  1. kernel-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 08e3a3dc97204277859adad5c2f42a43
    SHA-256: 8550e6443323d24691a5f64833f652a40a3bea1d3e73d676d6f2f74f1dffa56e
    Size: 1.82 MB
  2. kernel-abi-stablelists-5.14.0-570.55.1.el9_6.noarch.rpm
    MD5: b1fddf84a7451b9d341889e262935597
    SHA-256: d407b315ce6386e6ef18d49fc9d532d450e33a58936ac4dfdc8eaa7ccf2e4bd2
    Size: 1.84 MB
  3. kernel-core-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 0cff6773d260ea9e5cff5c2759ede89c
    SHA-256: 5c008d5cbd6004e282cbfb99326884d14adf08327b72ab22d92dff972e1f30f6
    Size: 17.89 MB
  4. kernel-cross-headers-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 4c318fbc2e7539b32d481e051027de15
    SHA-256: e058ada74a6ca6df760e99626e9ee7dce26788d66514628c5793fbd7162f2e04
    Size: 8.68 MB
  5. kernel-debug-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: f960a546d2143774936a2ea27e5f41a3
    SHA-256: 4923e2e644160ff01198fe7baac301a932e19454e281ccaa9c6cc22d6c5552ce
    Size: 1.82 MB
  6. kernel-debug-core-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: afe91d16e3d659c3cfa700e3ca10042b
    SHA-256: 4752de8009a2bda07fa2d29eec7b2ed427cb1eae23abe1c53c75924e44e02694
    Size: 31.33 MB
  7. kernel-debug-devel-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: be9ae6466864c3b99d67ea0a53d0edfe
    SHA-256: 2722dbe3a89640777167667ecb5e01ba66f4fa4baf2f944e2d9eaf23d17d19a9
    Size: 21.81 MB
  8. kernel-debug-devel-matched-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 41369ab3c32977eb06260eb2dff5b80e
    SHA-256: accb63cb511d39bfef19056e400aef8d3d30ff3b2447b1faddbe495ed56ba7c0
    Size: 1.82 MB
  9. kernel-debug-modules-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 79fd650091d79d8665fc153cebfac791
    SHA-256: 20444a656db2d7a138a527a85c2b4930ae4324552495d67048fed0510be6d825
    Size: 67.60 MB
  10. kernel-debug-modules-core-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: aed8ff877f60cb1b70bb3a7ffd2114d1
    SHA-256: 4285da94b6121266b3ed6adf8ae8f3ac95ca64ba1d97f2860ee13441900e02b2
    Size: 48.95 MB
  11. kernel-debug-modules-extra-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: ed6e00da37fcd01ceaa02ca730cd760b
    SHA-256: b034e89839645b360ce8d95732f69f857a5da96141486e2a1e208a1f79610eb9
    Size: 2.59 MB
  12. kernel-debug-uki-virt-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 06d0609222f92586550ace4914985fd2
    SHA-256: 693b74bc17f3a5179a058156c91d734d648ba220d074cb4fef55c8a7627c2500
    Size: 84.51 MB
  13. kernel-devel-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 56b3485cf43e87cef609e8f2eeb78af5
    SHA-256: 10755155a990d5d5ddfab6063e21bc172c2161d72c86edaf0d0412a68e09e850
    Size: 21.64 MB
  14. kernel-devel-matched-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 1db0a6cbd7b8ab42ce780898383599e2
    SHA-256: 017619ee20713a911b7e9553ad886844306429342684d684f0e6d26da9597432
    Size: 1.82 MB
  15. kernel-doc-5.14.0-570.55.1.el9_6.noarch.rpm
    MD5: 6a61e8786fc52eb5298955e0c4e7265e
    SHA-256: 057fe58cefdf0b3fca188669a78a2279c84aac7c4f3d29c24d6433b1d6487527
    Size: 37.97 MB
  16. kernel-headers-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: f060fa10b93f94c9bdb4a4bf549abef8
    SHA-256: a1108de0471e3757a404f14ec0ab769f2f29b15468dd72e72fc504a4eb3610dd
    Size: 3.56 MB
  17. kernel-modules-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 58b9389dd6137fef558fb91e641c244e
    SHA-256: e21ce09c247abbdd49efaafe3fa0a30d4b83474f6f9e9f96117ea9d361a8951b
    Size: 39.06 MB
  18. kernel-modules-core-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: c225f1c23df68d0860f8f27a9e59e2cc
    SHA-256: d01963c36f5b7912484142c5d2a6fac806b98db700bf10409b6f0d52d536d89e
    Size: 30.92 MB
  19. kernel-modules-extra-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 02f663d85aca86b3efbb3408bfa3cbc2
    SHA-256: 469e4cb31ed97bb033f221723e98ca0f855362e70fa4608d2be21bbc133c6987
    Size: 2.24 MB
  20. kernel-rt-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 812276b3fa374addf26f4b931b343763
    SHA-256: 176527dad5c90044b65ab40e37ea01f5371a400f63b7971d3910b9842b3b5c5c
    Size: 1.82 MB
  21. kernel-rt-core-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: b4becdbdd31f957d41087c7556d1e819
    SHA-256: d948d64bdd99e5bd8e527133d2b3719eca74f330c4b21c22bb1bb6459966c2d7
    Size: 17.79 MB
  22. kernel-rt-debug-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 5d3c9cf34d3e889134ccfd633c227ff5
    SHA-256: 5d54308dfb45316946606bbbe1e6b8d1a6f782138db3c38a91ea1fae742e1465
    Size: 1.82 MB
  23. kernel-rt-debug-core-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: ad20007a1e9eb5dcf2de38261969cc4e
    SHA-256: c3f1e90670557ea6d2c6b595e7095e8cccd441eaae3344d2cb6532a00df25c23
    Size: 19.19 MB
  24. kernel-rt-debug-devel-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 634196524a09e51b9e89560269fba7ed
    SHA-256: 03c08458ce2049620a3d286a80cf4358f7fa319e6f16a616ee1d0dce94318602
    Size: 21.77 MB
  25. kernel-rt-debug-modules-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: dcd456af9def97a1808da4602a4e4a2e
    SHA-256: 8f1a43eddff2ba70470a4e56fded295b28b2f1148b44cc0fe189c5ae1bf35e99
    Size: 40.47 MB
  26. kernel-rt-debug-modules-core-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: ff8ffc674382dee34d34628a11a4ad6f
    SHA-256: 920c2c67224a8ab29036b9d43e16322e09f43ae9862bfa3ca6594612ec44b000
    Size: 31.34 MB
  27. kernel-rt-debug-modules-extra-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 818a77206db2e024926b45bbe46173e0
    SHA-256: 5086629bd9b502f95459a09d33a01d58ba43a9fd1e5f8e6e42c14cb0c2a5d6e7
    Size: 2.27 MB
  28. kernel-rt-devel-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 4cd2d2bb88946507bf83944fd02a478d
    SHA-256: 74d9518983f4f9770e632f9a8375008123e522bc5c2e81ac9b27981cf957a693
    Size: 21.62 MB
  29. kernel-rt-modules-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 4630ecef381c1856a319c48b1433b9ef
    SHA-256: 896d915ee0b8b59aa58bd9792cdc1b9ccf26034deb5836ca3e6aee558110e8fd
    Size: 39.07 MB
  30. kernel-rt-modules-core-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: d17342565032a6e54e0dd2527f006bd8
    SHA-256: 51ae87f2b0296e16f839372f494564695c61eb0355d4065a00d84c2948d735d6
    Size: 30.29 MB
  31. kernel-rt-modules-extra-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 1146d427151f5089e783d2ad1b7624d0
    SHA-256: 4533f77bcebcd76afff3b9b9621d1c66b0133ce3a79cb3829e3cfb5876a1f31b
    Size: 2.24 MB
  32. kernel-tools-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 1370bf77f1cbc1b79f54672c41fcbdb2
    SHA-256: 39274037afe2e7e152736601fd045ff8d52cab925b0473513748633657d62861
    Size: 2.10 MB
  33. kernel-tools-libs-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: e2b7d9ba50babf853fe5bcdc4e354858
    SHA-256: 1764a82aebb297d8a68eae403f0222eb400d96b7b6a2a279e2185433c8cf85b4
    Size: 1.83 MB
  34. kernel-tools-libs-devel-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 4053e05eefd95e48f000308505cd90fc
    SHA-256: a5b9ab129c76f6f4bd1b16dfc08c66471aec6ee10d92ade658a03671b7fc36db
    Size: 1.82 MB
  35. kernel-uki-virt-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 7e98d94684d0cf10e3a7c181685ff014
    SHA-256: 9162276404c4e7bb9d535d6d3b6d138e49b337f3e0f12658b57409a26a766de1
    Size: 63.17 MB
  36. kernel-uki-virt-addons-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 580caf79f2d4cd2d2884b2ce1eb29451
    SHA-256: 40bfadc6e04a13be88eb9df751544247733eb730d6a3d824f6a27581c708b0d2
    Size: 1.84 MB
  37. libperf-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 0ed1ab92cd32ad343c68cbab303b632c
    SHA-256: ea792b98d61d95b37b86f3a900e5a715b22211c8a2210c4a6ad496c9a1bd5702
    Size: 1.84 MB
  38. perf-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 0ee764b69b98f62d03e10e6d7abc905c
    SHA-256: 3c4f7da3acd0c5f9b6d9a14d45044e527e68ef41291125b44688f7f0a79d5753
    Size: 4.05 MB
  39. python3-perf-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 2fda23d74ed3e1c9ca75f4a8c7f3b2b9
    SHA-256: 7dc7e48cea39ae6cb33960de32efbb5ae07890643be4c247a50f2f493b604ba7
    Size: 3.22 MB
  40. rtla-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 4014ccf4f1186d9b54ac746844975ca1
    SHA-256: cc763e2924c35922839ef7fdbe34203212741b6601a43eafdb65f7071b5c4a7f
    Size: 1.88 MB
  41. rv-5.14.0-570.55.1.el9_6.x86_64.rpm
    MD5: 7000782cb0a7eed87a5ec09be5919400
    SHA-256: 36c20894df6141bab58cb38139035af078386788b7ce959b5b47dedb1aa5476b
    Size: 1.83 MB