kernel-5.14.0-687.5.3.el9_8
エラータID: AXSA:2026-989:44
リリース日:
2026/06/25 Thursday - 13:17
題名:
kernel-5.14.0-687.5.3.el9_8
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- kernel の Crypto サブシステム (authencesn テンプレート) には、
NULL ポインタデリファレンスの問題があるため、近隣のネットワーク
上の攻撃者により、サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2026-23060)
- kernel の Crypto サブシステム (AF_ALG) には、AEAD の処理における
インプレース最適化と authencesn におけるメモリ領域の範囲外書き込み、
splice(2) によるページキャッシュの参照渡しが意図せず連鎖する問題が
あるため、ローカルの攻撃者により、特権昇格を可能とする脆弱性が存在
します。(CVE-2026-31431)
- kernel の Crypto サブシステム (AF_ALG) には、リソースの制限を
実施していない問題があるため、ローカルの攻撃者により、サービス拒否
攻撃 (リソース枯渇) を可能とする脆弱性が存在します。
(CVE-2026-31677)
- kernel のネットワークスタック (xfrm-ESP) には、パケット処理に
おけるインプレース復号と条件分岐の不備によるコピー作成 (COW) の
バイパス、splice(2) によるページキャッシュの参照渡しが意図せず
連鎖する問題があるため、ローカルの攻撃者により、特権昇格を可能と
する脆弱性が存在します。(CVE-2026-43284)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-23060
In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() can advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_copy(), leading to a kernel panic (DoS). Add a minimum AAD length check to fail fast on invalid inputs.
In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() can advance past the end of the destination scatterlist and trigger a NULL pointer dereference in scatterwalk_map_and_copy(), leading to a kernel panic (DoS). Add a minimum AAD length check to fail fast on invalid inputs.
CVE-2026-31431
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
CVE-2026-31677
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - limit RX SG extraction by receive buffer budget Make af_alg_get_rsgl() limit each RX scatterlist extraction to the remaining receive buffer budget. af_alg_get_rsgl() currently uses af_alg_readable() only as a gate before extracting data into the RX scatterlist. Limit each extraction to the remaining af_alg_rcvbuf(sk) budget so that receive-side accounting matches the amount of data attached to the request. If skcipher cannot obtain enough RX space for at least one chunk while more data remains to be processed, reject the recvmsg call instead of rounding the request length down to zero.
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - limit RX SG extraction by receive buffer budget Make af_alg_get_rsgl() limit each RX scatterlist extraction to the remaining receive buffer budget. af_alg_get_rsgl() currently uses af_alg_readable() only as a gate before extracting data into the RX scatterlist. Limit each extraction to the remaining af_alg_rcvbuf(sk) budget so that receive-side accounting matches the amount of data attached to the request. If skcipher cannot obtain enough RX space for at least one chunk while more data remains to be processed, reject the recvmsg call instead of rounding the request length down to zero.
CVE-2026-43284
In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packet data can first make a private copy. The IPv4/IPv6 datagram append paths did not set this flag when splicing pages into UDP skbs. That leaves an ESP-in-UDP packet made from shared pipe pages looking like an ordinary uncloned nonlinear skb. ESP input then takes the no-COW fast path for uncloned skbs without a frag_list and decrypts in place over data that is not owned privately by the skb. Mark IPv4/IPv6 datagram splice frags with SKBFL_SHARED_FRAG, matching TCP. Also make ESP input fall back to skb_cow_data() when the flag is present, so ESP does not decrypt externally backed frags in place. Private nonlinear skb frags still use the existing fast path. This intentionally does not change ESP output. In esp_output_head(), the path that appends the ESP trailer to existing skb tailroom without calling skb_cow_data() is not reachable for nonlinear skbs: skb_tailroom() returns zero when skb->data_len is nonzero, while ESP tailen is positive. Thus ESP output will either use the separate destination-frag path or fall back to skb_cow_data().
In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packet data can first make a private copy. The IPv4/IPv6 datagram append paths did not set this flag when splicing pages into UDP skbs. That leaves an ESP-in-UDP packet made from shared pipe pages looking like an ordinary uncloned nonlinear skb. ESP input then takes the no-COW fast path for uncloned skbs without a frag_list and decrypts in place over data that is not owned privately by the skb. Mark IPv4/IPv6 datagram splice frags with SKBFL_SHARED_FRAG, matching TCP. Also make ESP input fall back to skb_cow_data() when the flag is present, so ESP does not decrypt externally backed frags in place. Private nonlinear skb frags still use the existing fast path. This intentionally does not change ESP output. In esp_output_head(), the path that appends the ESP trailer to existing skb tailroom without calling skb_cow_data() is not reachable for nonlinear skbs: skb_tailroom() returns zero when skb->data_len is nonzero, while ESP tailen is positive. Thus ESP output will either use the separate destination-frag path or fall back to skb_cow_data().
追加情報:
N/A
ダウンロード:
SRPMS
- kernel-5.14.0-687.5.3.el9_8.src.rpm
MD5: 3bff96282ef1fa1dedb2efd9af877866
SHA-256: 8c65b8e50e7a049409bef0fffaac772d6698771ec38a1ca0ebb126489273905e
Size: 145.26 MB
Asianux Server 9 for x86_64
- kernel-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: bfd215a52930df063f9871bc78a0fd3e
SHA-256: e3543c0187d4ad6951ced28739b7e75ce0e668b4dc2e6b9f62ce41847c350663
Size: 920.21 kB - kernel-abi-stablelists-5.14.0-687.5.3.el9_8.noarch.rpm
MD5: 4c4c7ade5bbdcd1404f952523c90b41e
SHA-256: 1f25b7d358dc69048123af8c7420864f1dde4871b589d4eab1b2c08505e859c4
Size: 955.50 kB - kernel-core-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 0e49efc79f8c88268adf717d5f1c59d8
SHA-256: 20289e6878e99cf9be0530d9625f6ce53a245a9743315d3fd92b671c94db5d86
Size: 17.21 MB - kernel-cross-headers-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: fc752bcc5f5ca046c7f570ee941589d0
SHA-256: 179660c2163572e4e8300938adf122facd711dca574b3b05f3ae5bc24f95a210
Size: 7.96 MB - kernel-debug-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 5cdfd71d3a9a07cbc542bfca6efe5592
SHA-256: 3b7f3e94266fa1e7049c7138a208530041b5e6e675ced351f252a2b90c6b623d
Size: 920.30 kB - kernel-debug-core-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 3160533d9e13b6cff1e7bd16a75c775e
SHA-256: 4198d1420abc171102954b6864a408b85625e251c630e28c277d870703a56f88
Size: 31.07 MB - kernel-debug-devel-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 9e0ade561cdd12924c4e0c7c44f0b567
SHA-256: 803671161b53167430ce9a0c1716e6ce6b12d6f439699ca6d70ce5e2282b2d77
Size: 21.31 MB - kernel-debug-devel-matched-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 48984767439d41c01819c715184f983c
SHA-256: d71c09e318a1ca72c0a050c81c819c1186bb3fde636721d6546c74992bd44350
Size: 920.28 kB - kernel-debug-modules-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 2fa23c3754542c89d65e433a1b3afc69
SHA-256: 6d41a2a24b51b6615ac8bdbdf8d62c91dfdfb9655f7769262151976ddbe6077d
Size: 70.04 MB - kernel-debug-modules-core-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 0d8a2679d82a98fe07db6af82501ea41
SHA-256: 060f1a2833eaed7f761423df39ade81d4efcfdc54dd6debf4c38cc636d1cec78
Size: 49.69 MB - kernel-debug-modules-extra-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 15c20425234b7274aa3361765ffcce59
SHA-256: 278743e4f3f874fba88f06214baaea755affcaf53cc3e8a6c7c57e92a9dacd1a
Size: 1.70 MB - kernel-debug-uki-virt-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 6eeecab1bfd5c53bbfa0aaeab2ad18ec
SHA-256: cdb210c070fd615b1d132826751b7272a8d0e9b40af124622bff3044cd2dc14f
Size: 88.07 MB - kernel-devel-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 32955f27fd3fa1c7ef089f8da2e74f0b
SHA-256: 39d47c2a1d97bf86b3ec8616c681b8c8725347c90325ffe8f08d19e77cd98ece
Size: 21.11 MB - kernel-devel-matched-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 23f6c6d7967b08cdc4fe1019b606d8d9
SHA-256: c06e4d593364d40eb923e9bcc01d671f5e5580f76c08a983166fb2dc79372834
Size: 920.25 kB - kernel-doc-5.14.0-687.5.3.el9_8.noarch.rpm
MD5: 1929a2da23d2a84bd15ef667ecde561e
SHA-256: 891b287ba5cd088ae682260af489c07561ea32baf3c01b34ebbd02fd4511df87
Size: 38.88 MB - kernel-headers-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 5cdd34620a8eb9255863fa5d2f04d9e3
SHA-256: c18162847437b22473375bc7e326cfb1e21ad69524b0af30208e27b2502664ab
Size: 2.69 MB - kernel-modules-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 945a209047617cd6bd030b2577a6b140
SHA-256: c67e468b3cfbff78c157e201aec77539e399a56abf030b8e09dfd0ff9feaf783
Size: 39.90 MB - kernel-modules-core-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 15c86f251560644bb70b18a64eb868e4
SHA-256: 77b3b3b3c4f714e2aa4f1f94607e0f7f94da706230382ba71c96c0c546b3fae5
Size: 30.91 MB - kernel-modules-extra-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: f5d548c2bd25a2fbc55cdc16ded7473f
SHA-256: afa3c6f378d243ab099a357ae67e7c85741c6460b97933f5ddfb355cc4e8d2d2
Size: 1.34 MB - kernel-rt-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 6bf46910c2ecafe3e95990324ebdaab2
SHA-256: 2a750f87c5541798011141958f6802aed38b78be252022094dbe2e141768ba35
Size: 920.29 kB - kernel-rt-core-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: d0ceaa03e50ef86aacc2ba054d189c08
SHA-256: 59cbe0fd0fac93d87c2cdd8d08c03580503b51a8d541f20deaedff7694942667
Size: 17.12 MB - kernel-rt-debug-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 36c58eaa9b272eb9aa5b506217856f58
SHA-256: 8a5601b5d06550bb83a1af13f05f9048c949fb74c6df1d33a56422afc08e6826
Size: 920.35 kB - kernel-rt-debug-core-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: ec17964f98220035d56f3b831467cf15
SHA-256: e8bf0a837b8b986534f036ddf19c677a2f91f629552c90f68e31126a0ed11545
Size: 18.56 MB - kernel-rt-debug-devel-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 3bbc0885e6847ac611fda2ca98ba2913
SHA-256: fff28b52d9004677b3d4af9c5ab832b3445a939fdaf8e4d99ad0dfdfea50490c
Size: 21.25 MB - kernel-rt-debug-modules-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: e3932d08a46fd14e0e9a43a783194228
SHA-256: 377255525ce508eff69f2ba40383b4d85500c7bf9a096e71642c7e1b50081bcc
Size: 41.47 MB - kernel-rt-debug-modules-core-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 36385efe73eb699b96828ceecdd961dd
SHA-256: 8b5cba37efaf2cbb52aaa20b105ee669eec37e6a7a574f47799794751308fb36
Size: 32.07 MB - kernel-rt-debug-modules-extra-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: acd3b83e35ce2d834b3b94c908452c55
SHA-256: f9e8e74f9fe2574640bd9c209a53d64cb16c1aa6862302e8c76812d458236373
Size: 1.36 MB - kernel-rt-devel-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: b0d03f3477e88694e4b229e4b238f690
SHA-256: 5a01984d6ab209a3853389c9fb3edc5524743041dc7c34ea8832997ee4c90c60
Size: 21.10 MB - kernel-rt-modules-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: dd176fd974b702288236f3dca523599c
SHA-256: 15ba6cf4a5ace7a784c3db7237c41ef7f719efb971590a780ed41b14947bc3dc
Size: 39.92 MB - kernel-rt-modules-core-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 3a89a9e74fdf733e4807db73dd3ce0f4
SHA-256: b8ab05bf144659fa3fdf0a03a7860bac2afcf7047d6b57446e6d134c3d370e49
Size: 30.98 MB - kernel-rt-modules-extra-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 29ba5f2768bb1fbd1872495c62c05cc5
SHA-256: 842c2c10deb0dddefe7637ad050b31f11b9adefe9a12e62342cb057d303ff59b
Size: 1.34 MB - kernel-tools-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: b9e97aad304419b852390247e2603276
SHA-256: b7215206f821ad44f74bd6ddf8921b94dc033c48b5b10277004b2ec9d787cfd7
Size: 1.19 MB - kernel-tools-libs-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: abef9232dbd89e3ff050ca7f6ee1d4e2
SHA-256: 65f74cdd3ac09e61257518f19cbf689456ec6f034b23a689c7f68e1bc9dabf3b
Size: 932.99 kB - kernel-tools-libs-devel-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 24b71bd42288dea3d7d18bef13f92028
SHA-256: 7e5f21984887275d0a1f09fac4126c68dcfab5a78895d9d59ad2e6a13e9c394c
Size: 922.75 kB - kernel-uki-virt-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: a609c554e63cc70223ad7f38fd1350eb
SHA-256: c0c26b0316dcff589ba0edc0d8f1de4c5692ff9b22e3a41148310816e2d9d6d3
Size: 65.90 MB - kernel-uki-virt-addons-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: ae703b072cf9bc7f2ba3dbd5d2dbf043
SHA-256: 550a759ea9c98a30cd9e7aeb701563249dc9128573d1a392f04fbac8c67ff6fd
Size: 942.91 kB - libperf-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: b8c7acb2cbdb8ede0af7a187bf9b6f01
SHA-256: 23dcb2ca77f98f74388da24cf4405c7e0b9aec21e91a77709202b7fe7700e3e8
Size: 941.29 kB - perf-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 0a2862b2f34b1946250688ff8d18fba0
SHA-256: 5947f8aef096af712c69c73dca28a7dc0e64ea5b7e1ad5efe1dc2b40156b31a8
Size: 3.31 MB - python3-perf-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: f61db5b116097a33e10fc9cd9b8a45c0
SHA-256: d6e5b6672001a7751579c1efe0871bdf9d072dbc857df86862927fecf4a701cf
Size: 2.48 MB - rtla-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: d51dd285a5c4d9aa6b5a0c3306aa4b4e
SHA-256: 00ed8af5e4bea23e2ac0613745ae8ed4636ad17d8810fa19574d7a8ba2f0487c
Size: 0.97 MB - rv-5.14.0-687.5.3.el9_8.x86_64.rpm
MD5: 753ce318725c7be74dc8fe247989461c
SHA-256: 0276418d1a5418d569231e9c2332f966acf4a6dfe941b0c2d5f2fa6dcdd54603
Size: 936.53 kB