RLSA-2025:23279

Security

Mirrored from RHSA-2025:23279

Issued at: 2025-12-24

Updated at: 2025-12-29

Synopsis

Important: kernel security update

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (CVE-2025-38499)

* kernel: net: tun: Update napi->skb after XDP process (CVE-2025-39984)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 10 aarch64

Rocky Linux 10 ppc64le

Rocky Linux 10 s390x

Rocky Linux 10 x86_64

Fixes

2387670

2404111

CVEs

CVE-2025-38499

CVE-2025-39984

Affected packages

Rocky Linux 10 aarch64 - BaseOS

kernel-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-0:6.12.0-124.21.1.el10_1.src.rpm

kernel-64k-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-64k-core-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-64k-debug-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-64k-debug-core-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-64k-debug-debuginfo-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-64k-debuginfo-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-64k-debug-modules-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-64k-debug-modules-core-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-64k-debug-modules-extra-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-64k-modules-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-64k-modules-core-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-64k-modules-extra-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-abi-stablelists-0:6.12.0-124.21.1.el10_1.noarch.rpm

kernel-core-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-debug-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-debug-core-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-debug-debuginfo-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-debuginfo-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-debuginfo-common-aarch64-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-debug-modules-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-debug-modules-core-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-debug-modules-extra-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-modules-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-modules-core-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-modules-extra-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-modules-extra-matched-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-tools-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-tools-debuginfo-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-tools-libs-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-uki-virt-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-uki-virt-addons-0:6.12.0-124.21.1.el10_1.aarch64.rpm

Rocky Linux 10 ppc64le - BaseOS

kernel-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

kernel-0:6.12.0-124.21.1.el10_1.src.rpm

kernel-abi-stablelists-0:6.12.0-124.21.1.el10_1.noarch.rpm

kernel-core-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

kernel-debug-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

kernel-debug-core-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

kernel-debug-debuginfo-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

kernel-debuginfo-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

kernel-debuginfo-common-ppc64le-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

kernel-debug-modules-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

kernel-debug-modules-core-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

kernel-debug-modules-extra-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

kernel-modules-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

kernel-modules-core-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

kernel-modules-extra-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

kernel-modules-extra-matched-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

kernel-tools-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

kernel-tools-debuginfo-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

kernel-tools-libs-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

Rocky Linux 10 s390x - BaseOS

kernel-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-0:6.12.0-124.21.1.el10_1.src.rpm

kernel-abi-stablelists-0:6.12.0-124.21.1.el10_1.noarch.rpm

kernel-core-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-debug-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-debug-core-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-debug-debuginfo-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-debuginfo-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-debuginfo-common-s390x-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-debug-modules-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-debug-modules-core-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-debug-modules-extra-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-modules-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-modules-core-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-modules-extra-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-modules-extra-matched-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-tools-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-tools-debuginfo-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-zfcpdump-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-zfcpdump-core-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-zfcpdump-debuginfo-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-zfcpdump-modules-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-zfcpdump-modules-core-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-zfcpdump-modules-extra-0:6.12.0-124.21.1.el10_1.s390x.rpm

Rocky Linux 10 x86_64 - BaseOS

kernel-0:6.12.0-124.21.1.el10_1.src.rpm

kernel-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-abi-stablelists-0:6.12.0-124.21.1.el10_1.noarch.rpm

kernel-core-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-debug-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-debug-core-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-debug-debuginfo-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-debuginfo-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-debuginfo-common-x86_64-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-debug-modules-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-debug-modules-core-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-debug-modules-extra-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-debug-uki-virt-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-modules-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-modules-core-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-modules-extra-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-modules-extra-matched-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-tools-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-tools-debuginfo-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-tools-libs-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-uki-virt-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-uki-virt-addons-0:6.12.0-124.21.1.el10_1.x86_64.rpm

Rocky Linux 10 aarch64 - AppStream

kernel-64k-debug-devel-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-64k-debug-devel-matched-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-64k-devel-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-64k-devel-matched-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-debug-devel-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-debug-devel-matched-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-devel-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-devel-matched-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-doc-0:6.12.0-124.21.1.el10_1.noarch.rpm

perf-0:6.12.0-124.21.1.el10_1.aarch64.rpm

perf-debuginfo-0:6.12.0-124.21.1.el10_1.aarch64.rpm

python3-perf-0:6.12.0-124.21.1.el10_1.aarch64.rpm

python3-perf-debuginfo-0:6.12.0-124.21.1.el10_1.aarch64.rpm

rtla-0:6.12.0-124.21.1.el10_1.aarch64.rpm

rv-0:6.12.0-124.21.1.el10_1.aarch64.rpm

Rocky Linux 10 ppc64le - AppStream

kernel-debug-devel-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

kernel-debug-devel-matched-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

kernel-devel-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

kernel-devel-matched-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

kernel-doc-0:6.12.0-124.21.1.el10_1.noarch.rpm

perf-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

perf-debuginfo-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

python3-perf-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

python3-perf-debuginfo-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

rtla-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

rv-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

Rocky Linux 10 s390x - AppStream

kernel-debug-devel-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-debug-devel-matched-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-devel-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-devel-matched-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-doc-0:6.12.0-124.21.1.el10_1.noarch.rpm

kernel-zfcpdump-devel-0:6.12.0-124.21.1.el10_1.s390x.rpm

kernel-zfcpdump-devel-matched-0:6.12.0-124.21.1.el10_1.s390x.rpm

perf-0:6.12.0-124.21.1.el10_1.s390x.rpm

perf-debuginfo-0:6.12.0-124.21.1.el10_1.s390x.rpm

python3-perf-0:6.12.0-124.21.1.el10_1.s390x.rpm

python3-perf-debuginfo-0:6.12.0-124.21.1.el10_1.s390x.rpm

rtla-0:6.12.0-124.21.1.el10_1.s390x.rpm

rv-0:6.12.0-124.21.1.el10_1.s390x.rpm

Rocky Linux 10 x86_64 - AppStream

kernel-debug-devel-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-debug-devel-matched-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-devel-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-devel-matched-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-doc-0:6.12.0-124.21.1.el10_1.noarch.rpm

perf-0:6.12.0-124.21.1.el10_1.x86_64.rpm

perf-debuginfo-0:6.12.0-124.21.1.el10_1.x86_64.rpm

python3-perf-0:6.12.0-124.21.1.el10_1.x86_64.rpm

python3-perf-debuginfo-0:6.12.0-124.21.1.el10_1.x86_64.rpm

rtla-0:6.12.0-124.21.1.el10_1.x86_64.rpm

rv-0:6.12.0-124.21.1.el10_1.x86_64.rpm

Rocky Linux 10 aarch64 - RT

kernel-rt-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-64k-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-64k-core-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-64k-debug-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-64k-debug-core-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-64k-debug-debuginfo-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-64k-debug-devel-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-64k-debuginfo-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-64k-debug-modules-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-64k-debug-modules-core-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-64k-debug-modules-extra-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-64k-devel-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-64k-modules-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-64k-modules-core-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-64k-modules-extra-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-core-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-debug-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-debug-core-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-debug-debuginfo-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-debug-devel-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-debuginfo-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-debug-modules-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-debug-modules-core-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-debug-modules-extra-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-devel-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-modules-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-modules-core-0:6.12.0-124.21.1.el10_1.aarch64.rpm

kernel-rt-modules-extra-0:6.12.0-124.21.1.el10_1.aarch64.rpm

Rocky Linux 10 x86_64 - NFV

kernel-rt-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-core-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-debug-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-debug-core-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-debug-debuginfo-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-debug-devel-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-debuginfo-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-debug-modules-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-debug-modules-core-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-debug-modules-extra-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-devel-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-modules-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-modules-core-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-modules-extra-0:6.12.0-124.21.1.el10_1.x86_64.rpm

Rocky Linux 10 x86_64 - RT

kernel-rt-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-core-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-debug-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-debug-core-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-debug-debuginfo-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-debug-devel-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-debuginfo-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-debug-modules-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-debug-modules-core-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-debug-modules-extra-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-devel-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-modules-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-modules-core-0:6.12.0-124.21.1.el10_1.x86_64.rpm

kernel-rt-modules-extra-0:6.12.0-124.21.1.el10_1.x86_64.rpm

Rocky Linux 10 aarch64 - CRB

kernel-tools-libs-devel-0:6.12.0-124.21.1.el10_1.aarch64.rpm

libperf-0:6.12.0-124.21.1.el10_1.aarch64.rpm

libperf-debuginfo-0:6.12.0-124.21.1.el10_1.aarch64.rpm

Rocky Linux 10 ppc64le - CRB

kernel-tools-libs-devel-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

libperf-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

libperf-debuginfo-0:6.12.0-124.21.1.el10_1.ppc64le.rpm

Rocky Linux 10 x86_64 - CRB

kernel-tools-libs-devel-0:6.12.0-124.21.1.el10_1.x86_64.rpm

libperf-0:6.12.0-124.21.1.el10_1.x86_64.rpm

libperf-debuginfo-0:6.12.0-124.21.1.el10_1.x86_64.rpm

Rocky Linux 10 s390x - CRB

libperf-0:6.12.0-124.21.1.el10_1.s390x.rpm

libperf-debuginfo-0:6.12.0-124.21.1.el10_1.s390x.rpm