RLSA-2025:20095 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Moderate

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466) (CVE-2024-53241) * kernel: exfat: fix out-of-bounds access of directory entries (CVE-2024-53147) * kernel: zram: fix NULL pointer in comp_algorithm_show() (CVE-2024-53222) * kernel: nfsd: release svc_expkey/svc_export with rcu_work (CVE-2024-53216) * kernel: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (CVE-2024-56662) * kernel: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (CVE-2024-56675) * kernel: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (CVE-2024-56690) * kernel: igb: Fix potential invalid memory access in igb_init_module() (CVE-2024-52332) * kernel: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (CVE-2024-57901) * kernel: af_packet: fix vlan_get_tci() vs MSG_PEEK (CVE-2024-57902) * kernel: io_uring/sqpoll: zero sqd->thread on tctx errors (CVE-2025-21633) * kernel: ipvlan: Fix use-after-free in ipvlan_get_iflink(). (CVE-2025-21652) * kernel: sched: sch_cake: add bounds checks to host bulk flow fairness counts (CVE-2025-21647) * kernel: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (CVE-2025-21655) * kernel: netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled (CVE-2024-57941) * kernel: netfs: Fix ceph copy to cache on write-begin (CVE-2024-57942) * kernel: zram: fix potential UAF of zram table (CVE-2025-21671) * kernel: pktgen: Avoid out-of-bounds access in get_imix_entries (CVE-2025-21680) * kernel: mm: zswap: properly synchronize freeing resources during CPU hotunplug (CVE-2025-21693) * kernel: cachestat: fix page cache statistics permission checking (CVE-2025-21691) * kernel: mm: clear uffd-wp PTE/PMD state on mremap() (CVE-2025-21696) * kernel: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702) * kernel: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (CVE-2025-21732) * kernel: NFSD: fix hang in nfsd4_shutdown_callback (CVE-2025-21795) * kernel: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() (CVE-2024-54456) * kernel: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() (CVE-2024-57987) * kernel: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (CVE-2024-58014) * kernel: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() (CVE-2024-57988) * kernel: drm/xe/tracing: Fix a potential TP_printk UAF (CVE-2024-49570) * kernel: media: intel/ipu6: remove cpu latency qos request on error (CVE-2024-58004) * kernel: usbnet: ipheth: use static NDP16 location in URB (CVE-2025-21742) * kernel: usbnet: ipheth: fix possible overflow in DPE length check (CVE-2025-21743) * kernel: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links (CVE-2024-57989) * kernel: wifi: ath12k: Fix for out-of bound access error (CVE-2024-58015) * kernel: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995) * kernel: nfsd: clear acl_access/acl_default after releasing them (CVE-2025-21796) * kernel: workqueue: Put the pwq after detaching the rescuer from the pool (CVE-2025-21786) * kernel: tpm: Change to kvalloc() in eventlog/acpi.c (CVE-2024-58005) * kernel: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (CVE-2024-58013) * kernel: ring-buffer: Validate the persistent meta data subbuf array (CVE-2025-21777) * kernel: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (CVE-2025-21738) * kernel: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (CVE-2024-57986) * kernel: padata: avoid UAF for reorder_work (CVE-2025-21726) * kernel: vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791) * kernel: HID: multitouch: Add NULL check in mt_input_configured (CVE-2024-58020) * kernel: i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition (CVE-2024-57984) * kernel: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (CVE-2025-21761) * kernel: sched_ext: Fix incorrect autogroup migration detection (CVE-2025-21771) * kernel: usb: xhci: Fix NULL pointer dereference on certain command aborts (CVE-2024-57981) * kernel: memcg: fix soft lockup in the OOM process (CVE-2024-57977) * kernel: vxlan: check vxlan_vnigroup_init() return value (CVE-2025-21790) * kernel: usbnet: ipheth: fix DPE OoB read (CVE-2025-21741) * kernel: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (CVE-2025-21785) * kernel: ipv6: use RCU protection in ip6_default_advmss() (CVE-2025-21765) * kernel: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (CVE-2024-58006) * kernel: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (CVE-2024-58012) * kernel: wifi: brcmfmac: Check the return value of of_property_read_string_index() (CVE-2025-21750) * kernel: wifi: rtlwifi: remove unused check_buddy_priv (CVE-2024-58072) * kernel: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (CVE-2024-58069) * kernel: wifi: mac80211: prohibit deactivating all links (CVE-2024-58061) * kernel: idpf: convert workqueues to unbound (CVE-2024-58057) * kernel: wifi: mac80211: don't flush non-uploaded STAs (CVE-2025-21828) * kernel: netfilter: nf_tables: reject mismatching sum of field_len with set key length (CVE-2025-21826) * kernel: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback (CVE-2024-58077) * kernel: crypto: tegra - do not transfer req when tegra init fails (CVE-2024-58075) * kernel: io_uring/uring_cmd: unconditionally copy SQEs at prep time (CVE-2025-21837) * kernel: information leak via transient execution vulnerability in some AMD processors (CVE-2024-36350) * kernel: transient execution vulnerability in some AMD processors (CVE-2024-36357) * kernel: net/sched: cls_api: fix error handling causing NULL dereference (CVE-2025-21857) * kernel: bpf: Fix softlockup in arena_map_free on 64k page kernel (CVE-2025-21851) * kernel: ibmvnic: Don't reference skb after sending to VIOS (CVE-2025-21855) * kernel: smb: client: Add check for next_buffer in receive_encrypted_standard() (CVE-2025-21844) * kernel: bpf: avoid holding freeze_mutex during mmap operation (CVE-2025-21853) * kernel: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (CVE-2025-21847) * kernel: tcp: drop secpath at the same time as we currently drop dst (CVE-2025-21864) * kernel: bpf: Fix deadlock when freeing cgroup storage (CVE-2024-58088) * kernel: acct: perform last write from workqueue (CVE-2025-21846) * kernel: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() (CVE-2025-21861) * kernel: io_uring: prevent opcode speculation (CVE-2025-21863) * kernel: fbdev: hyperv_fb: Allow graceful removal of framebuffer (CVE-2025-21976) * kernel: netfilter: nft_tunnel: fix geneve_opt type confusion addition (CVE-2025-22056) * kernel: net: ppp: Add bound checking for skb data on ppp_sync_txmung (CVE-2025-37749) * microcode_ctl: From CVEorg collector (CVE-2024-28956) * kernel: usb: typec: ucsi: displayport: Fix NULL pointer access (CVE-2025-37994) * kernel: wifi: ath12k: fix uaf in ath12k_core_init() (CVE-2025-38116) * kernel: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (CVE-2025-38412) * kernel: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (CVE-2025-38369) * kernel: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (CVE-2025-38468) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 10 Release Notes linked from the References section. rocky-linux-10-aarch64-baseos-rpms kernel-6.12.0-124.8.1.el10_1.aarch64.rpm 9a2668d99a66949164268b650306fed55a5cfdb08f83d4c060e161d83bdaab4e kernel-64k-6.12.0-124.8.1.el10_1.aarch64.rpm 881176a2984557da34e9d8bea08db536faff291efdf16aadc8a18269da99f7c0 kernel-64k-core-6.12.0-124.8.1.el10_1.aarch64.rpm b1adb1836afdee67efbff98df9b3b3d70396a742724bf8592f0afb709b1c3671 kernel-64k-debug-6.12.0-124.8.1.el10_1.aarch64.rpm 0c855461ba6dd9a41a4bb36b477d784c505bec3e29e0a49092000c36ac5b356a kernel-64k-debug-core-6.12.0-124.8.1.el10_1.aarch64.rpm 4487a7e1526167422f4e9e58139770f780a29b5cb1f024bc24282990c90f144f kernel-64k-debug-modules-6.12.0-124.8.1.el10_1.aarch64.rpm 3ebc163ab3aaa5a7b059a588b23c44ab05f6dcdadd41ea3066dfc74d256179b5 kernel-64k-debug-modules-core-6.12.0-124.8.1.el10_1.aarch64.rpm 9c05c5bfe83284abae451f884329ea822050d29e3a79834f5d2e752699b9bacd kernel-64k-debug-modules-extra-6.12.0-124.8.1.el10_1.aarch64.rpm 85ff5dbf8488054f1941d08141479bf1d8622cb63cc22205076ebe882b4a7ddd kernel-64k-modules-6.12.0-124.8.1.el10_1.aarch64.rpm e0f454abb186d7bd123e9e00d49a16c8cfb023668cf31460e3e550b503e04f7b kernel-64k-modules-core-6.12.0-124.8.1.el10_1.aarch64.rpm be4afa523e84569ddb0631ec7b6517fcfc9b50c6ccfe68311a4e7d2789945896 kernel-64k-modules-extra-6.12.0-124.8.1.el10_1.aarch64.rpm 1a1ae2caf86c308e336b048bb2b8328405088503c18456e645255ee35259ce39 kernel-abi-stablelists-6.12.0-124.8.1.el10_1.noarch.rpm cf2f27485a692bfdcd43874fea44bab7e5b99670b75801c3af24937fae25e5a1 kernel-core-6.12.0-124.8.1.el10_1.aarch64.rpm d7e1398811b8c41f786758b10efc15756d7c37893d7bf74d7dd8f3e63adceb43 kernel-debug-6.12.0-124.8.1.el10_1.aarch64.rpm 9f369d30d822b8b191bb1e24c5844342f267a68cdfd1665735aa163b84ba554e kernel-debug-core-6.12.0-124.8.1.el10_1.aarch64.rpm ebf2a61e4a94155756e7f8a5639eec79e6b2ef40dc611957d230d44243092a55 kernel-debuginfo-common-aarch64-6.12.0-124.8.1.el10_1.aarch64.rpm 609a1f876f7375ba4bc57f764528567f7dbcfaa7d102c22984dbda2fed74c9b0 kernel-debug-modules-6.12.0-124.8.1.el10_1.aarch64.rpm 104315517f8cd07e491c303f5b5e23eb454727b2c67ff78dd05b9eb35e132810 kernel-debug-modules-core-6.12.0-124.8.1.el10_1.aarch64.rpm b73b7128e9e7562b47ebc86e81797d8976a5419ee3f18797861874ed5b1f92bb kernel-debug-modules-extra-6.12.0-124.8.1.el10_1.aarch64.rpm 0919d8640de59f9381936657807584143a9a32aeec875608c4974d5ecda24aa6 kernel-modules-6.12.0-124.8.1.el10_1.aarch64.rpm 19df98ff04a1a53bbff886888600f10ece348949ef8a01579593a45f9d5732ef kernel-modules-core-6.12.0-124.8.1.el10_1.aarch64.rpm caa03c84b639cced94f85e045f8cb595c6c7830144b7fd8f75a76ddbe82347d4 kernel-modules-extra-6.12.0-124.8.1.el10_1.aarch64.rpm 42a8dd666ca787beaf51d0f879868a4d6ed4b7e3836bdccd3ea462065648e3f2 kernel-modules-extra-matched-6.12.0-124.8.1.el10_1.aarch64.rpm dd8d11d17eade064dabd4331b141462d4e9b5a88dea62aea12634c53dcb3dc92 kernel-tools-6.12.0-124.8.1.el10_1.aarch64.rpm 02fd174e907ec9aac8dfb67228ab817a815fd29d5f25b87207f91ff65d2a0e07 kernel-tools-libs-6.12.0-124.8.1.el10_1.aarch64.rpm f237a25af87097b03822fbb2f7d8a05662f281c81df946a37e236279cdfc5a84 kernel-uki-virt-6.12.0-124.8.1.el10_1.aarch64.rpm d360d5a40fe808d9a52643f6c5aa1e9d9b187468457abca7392e30ee4d9ae0fd kernel-uki-virt-addons-6.12.0-124.8.1.el10_1.aarch64.rpm 1ce40e950cc3220b2ccdf6252137e7897a6f91ee51340805f442b878fb3c2470 RLSA-2025:21248 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Moderate

An update is available for openssl. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-aarch64-baseos-rpms openssl-3.5.1-4.el10_1.aarch64.rpm af30bf1ce4fa949232db5cd7821af5cd9a5f2470f1db2be9c83d4f1e3758e9f7 openssl-libs-3.5.1-4.el10_1.aarch64.rpm 78c5e52f8ad1ea18a7398e5f89395e04111519603083b0e8a2115f03abf30e12 RLSA-2025:21020 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for sssd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Security Fix(es): * sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems (CVE-2025-11561) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-aarch64-baseos-rpms libipa_hbac-2.11.1-2.el10_1.1.aarch64.rpm 941ca8d71997f5ffaa107710745eacc4ed5c7651d206059a2ddb448d5944142a libsss_autofs-2.11.1-2.el10_1.1.aarch64.rpm dff0d8c38b1eeb9894227036a221e12f464a3b2e34dbec77ce6667c8d1c7d5c4 libsss_certmap-2.11.1-2.el10_1.1.aarch64.rpm c91dc6659f85bd0258bd0f36c6653426143463a42154fc2a42829c05c723ce93 libsss_idmap-2.11.1-2.el10_1.1.aarch64.rpm 788a60e427ef1eb4b51d6223b84e16eb544dfe188876d06d2c061387eedc7701 libsss_nss_idmap-2.11.1-2.el10_1.1.aarch64.rpm 755da0f9abd73c8a644ce8e8400c9159814a7f46bffb543e6007163b51a41074 libsss_sudo-2.11.1-2.el10_1.1.aarch64.rpm 1eb186711514bb265269c2e45fc481c63a61b57021eeac90fec78a2a98a2317f python3-libipa_hbac-2.11.1-2.el10_1.1.aarch64.rpm 69cea129ca7460ed7d08df35e1ab9eb524c1fd30ca95e7b9ac4466d64309f220 python3-libsss_nss_idmap-2.11.1-2.el10_1.1.aarch64.rpm bfb7d56ba957d99f4f7b0bb1c8ff7c06c0b35720f36ccc9b826aa06d98b26e8e python3-sss-2.11.1-2.el10_1.1.aarch64.rpm 78be8ed08d77e049a23bcceda35bced6dba5499ad78cc4b592311c3756811a3b python3-sssdconfig-2.11.1-2.el10_1.1.noarch.rpm 036504dffa0918523b3b78d455c0d71feed0cdb451db730df99b6355a3b0c825 python3-sss-murmur-2.11.1-2.el10_1.1.aarch64.rpm d61549f207be57832034430c647a820939650efec19a430aa90aee2697ee7eb9 sssd-2.11.1-2.el10_1.1.aarch64.rpm a80176a9696b33e72ed7fb723a69f2f6255653bc9e5a65cddf8aa18759be42b4 sssd-ad-2.11.1-2.el10_1.1.aarch64.rpm 4c6f2cdf7c9779106464886fcfa9fc2245d4acc4038b1e071d91867a2ab416dc sssd-client-2.11.1-2.el10_1.1.aarch64.rpm eefb8b15e2c31401921842b0958717828fd002e0abc55899de7bf7248d523056 sssd-common-2.11.1-2.el10_1.1.aarch64.rpm 9673e4104ef5e17cace33f01475b0fbf431ae333c9b2a031001c16d82a93e5fe sssd-common-pac-2.11.1-2.el10_1.1.aarch64.rpm c2d94c25b1edcea1c4442dccdc9e26801a9abf2c7f2270f5cab18ff2fb71eab9 sssd-dbus-2.11.1-2.el10_1.1.aarch64.rpm a5900e14aadc48feb6259b14171c720dd89e98a307679683189d3c8b2820a036 sssd-ipa-2.11.1-2.el10_1.1.aarch64.rpm da60b5f2e51da3d483c454e435ec0d5ba3dc05eb9f109654b11497492566ef3b sssd-kcm-2.11.1-2.el10_1.1.aarch64.rpm d6419c2fcc6517706fd57f7d32e9c7f53fed13cebc70aef59f34339ef59468e8 sssd-krb5-2.11.1-2.el10_1.1.aarch64.rpm e76db9a0e6e1149d80d80dfb92cb8e1f4c11b6166641d1e4293b94ad2c8cfa41 sssd-krb5-common-2.11.1-2.el10_1.1.aarch64.rpm 110dad1cb68483c77652bdff696cad783ff24f889a2613f1e38ec4b2d1cad19a sssd-ldap-2.11.1-2.el10_1.1.aarch64.rpm fd2a863619225d1dce7db1938f951e5320f41945272586ec50aa9973679256d7 sssd-nfs-idmap-2.11.1-2.el10_1.1.aarch64.rpm b668879e15dd1d37677cb3133405de77c4502f90e0245c5e28c45293747a75a2 sssd-passkey-2.11.1-2.el10_1.1.aarch64.rpm 49fd7aa6de97aa4c5189a267e0500f666a42a1b5e7ac493e8de9f3ec6760824d sssd-proxy-2.11.1-2.el10_1.1.aarch64.rpm 04030458198553028fd2c1c4b6f12ec52fd5b7502c5bd3b0ecc066b714568ca0 sssd-tools-2.11.1-2.el10_1.1.aarch64.rpm fe704c662537a98ce3d852402a03303318f20826bdc118f2c295a3a7a79c18b6 sssd-winbind-idmap-2.11.1-2.el10_1.1.aarch64.rpm 4f2fb4ca70f2df760583a700dbc3546a75059f5b8de8d6c46cd139714875f61f RLSA-2025:21038 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for kea. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers support DNS Update mechanism, using stand-alone DDNS daemon. Security Fix(es): * kea: Invalid characters cause assert (CVE-2025-11232) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-aarch64-baseos-rpms kea-3.0.1-2.el10_1.aarch64.rpm fd4531cb435a9418f87a34b8f219eaa7c1865907fdcf8073319e22125bb11eda kea-libs-3.0.1-2.el10_1.aarch64.rpm e38764dd9b4d57cb1598fc5637e6bd6a45bf3c84764fadd6a611dc2bac01e824