Release Info

Advisory: CLSA-2025:1766488019

OS: TuxCare 9.6 ESU

Public date: 2025-12-23 11:07:01.370686

Project: kernel

Version: 5.14.0-570.62.1.el9_6.tuxcare.1.els1

Errata link: https://errata.tuxcare.com/els_os/tuxcare9.6esu/CLSA-2025-1766488019.html

Changelog

- scsi: target: iscsi: Fix timeout on deleted connection {CVE-2025-38075} - tls: wait for pending async decryptions if tls_strp_msg_hold fails {CVE-2025-40176} - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns {CVE-2025-38499} - rcu: Fix rcu_read_unlock() deadloop due to IRQ work {CVE-2025-39744} - page_pool: Fix use-after-free in page_pool_recycle_in_ring {CVE-2025-38129} - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access {CVE-2025-38704} - bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors {CVE-2024-56675} - padata: Fix pd UAF once and for all {CVE-2025-38584} - padata: do not leak refcount in reorder_work {CVE-2025-38031} - Bluetooth: MGMT: Fix possible UAFs {CVE-2025-39981} - Bluetooth: MGMT: Protect mgmt_pending list with its own lock {CVE-2025-38117} - Bluetooth: MGMT: Remove unused mgmt_pending_find_data - Bluetooth: MGMT: set_mesh: update LE scan interval and window - Bluetooth: hci_sync: fix set_local_name race condition {CVE-2025-39797} - xfrm: Duplicate SPI Handling {CVE-2025-39797} - kernfs: Fix UAF in polling when open file is released {CVE-2025-39881} - OPP: add index check to assert to avoid buffer overflow in _read_freq() {CVE-2024-57998} - block: fix uaf for flush rq while iterating tags {CVE-2024-58072} {CVE-2024-53170} - wifi: rtlwifi: remove unused check_buddy_priv {CVE-2024-58072} - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() {CVE-2024-58014} - block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() {CVE-2025-21631} - net: af_can: do not leave a dangling sk pointer in can_create() {CVE-2024-40954} - Squashfs: sanity check symbolic link size {CVE-2024-46744} - e1000e: fix heap overflow in e1000_set_eeprom {CVE-2025-39898} - wifi: cfg80211: fix use-after-free in cmp_bss() {CVE-2025-39864} - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() {CVE-2025-38724} - i40e: fix idx validation in config queues msg {CVE-2025-39971} - NFS: Fix a race when updating an existing write {CVE-2025-39697} - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). {CVE-2025-39955} - wifi: mt76: fix linked list corruption {CVE-2025-39918} - io_uring/waitid: always prune wait queue entry in io_waitid_wait() {CVE-2025-40047} - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync {CVE-2025-39982} - workqueue: Put the pwq after detaching the rescuer from the pool {CVE-2025-21786} - zram: fix potential UAF of zram table {CVE-2025-21671} - sched: sch_cake: add bounds checks to host bulk flow fairness counts {CVE-2025-21647} - wifi: mt76: mt7925: fix off by one in mt7925_load_clc() {CVE-2024-57990} - blk-cgroup: Fix UAF in blkcg_unpin_online() {CVE-2024-56672} - NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() {CVE-2024-54456} - nfsd: release svc_expkey/svc_export with rcu_work {CVE-2024-53216} - igb: Fix potential invalid memory access in igb_init_module() {CVE-2024-52332} - x86/tdx: Fix "in-kernel MMIO" check {CVE-2024-47727} - drm/amd/display: Check dce_hwseq before dereferencing it {CVE-2025-38361} - dm-bufio: don't schedule in atomic context {CVE-2025-37928} - usb: xhci: Fix isochronous Ring Underrun/Overrun event handling {CVE-2025-37882} - KVM: arm64: Tear down vGIC on failed vCPU creation {CVE-2025-37849} - usb: xhci: Apply the link chain quirk on NEC isoc endpoints {CVE-2025-22022} - drm/amd/display: Fix out-of-bound accesses {CVE-2025-21985} - usb: cdc-acm: Check control transfer buffer size before access {CVE-2025-21704} - pfifo_tail_enqueue: Drop new packet when sch->limit == 0 {CVE-2025-21702} - partitions: mac: fix handling of bogus partition table {CVE-2025-21772} - ipmr: do not call mr_mfc_uses_dev() for unres entries {CVE-2025-21719} - net: openvswitch: fix nested key length validation in the set() action {CVE-2025-37789} - isofs: Prevent the use of too small fid {CVE-2025-37780} - sctp: detect and prevent references to a freed transport in sendmsg {CVE-2025-23142} - iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid {CVE-2025-37927} - tracing: Fix oob write in trace_seq_to_buffer() {CVE-2025-37923} - KVM: x86: Reset IRTE to host control if *new* route isn't postable {CVE-2025-37885} - jbd2: remove wrong sb->s_sequence check {CVE-2025-37839} - irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() {CVE-2025-37819} - drm/amd/display: Fix slab-use-after-free on hdcp_work {CVE-2025-21968} - netfilter: nft_tunnel: fix geneve_opt type confusion addition {CVE-2025-22056} - io_uring: prevent opcode speculation {CVE-2025-21863} - geneve: Fix use-after-free in geneve_find_dev(). {CVE-2025-21858} - vrf: use RCU protection in l3mdev_l3_out() {CVE-2025-21791} - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() {CVE-2025-21780} - net: sched: fix ets qdisc OOB Indexing {CVE-2025-21692}

Update

Update command: dnf update kernel*

Packages list

kernel-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-abi-stablelists-5.14.0-570.62.1.el9_6.tuxcare.1.els1.noarch.rpm kernel-core-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-cross-headers-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-debug-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-debug-core-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-debug-devel-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-debug-devel-matched-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-debug-modules-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-debug-modules-core-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-debug-modules-extra-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-debug-modules-internal-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-debug-modules-partner-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-debug-uki-virt-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-debug-uki-virt-addons-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-devel-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-devel-matched-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-doc-5.14.0-570.62.1.el9_6.tuxcare.1.els1.noarch.rpm kernel-headers-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-ipaclones-internal-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-modules-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-modules-core-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-modules-extra-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-modules-internal-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-modules-partner-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-rt-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-rt-core-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-rt-debug-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-rt-debug-core-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-rt-debug-devel-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-rt-debug-devel-matched-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-rt-debug-kvm-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-rt-debug-modules-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-rt-debug-modules-core-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-rt-debug-modules-extra-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-rt-debug-modules-internal-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-rt-debug-modules-partner-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-rt-devel-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-rt-devel-matched-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-rt-kvm-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-rt-modules-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-rt-modules-core-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-rt-modules-extra-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-rt-modules-internal-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-rt-modules-partner-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-selftests-internal-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-tools-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-tools-libs-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-tools-libs-devel-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-uki-virt-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm kernel-uki-virt-addons-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm libperf-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm libperf-devel-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm perf-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm python3-perf-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm rtla-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm rv-5.14.0-570.62.1.el9_6.tuxcare.1.els1.x86_64.rpm