{"schema_version":"1.7.2","id":"OESA-2026-1077","modified":"2026-01-16T11:57:54Z","published":"2026-01-16T11:57:54Z","upstream":["CVE-2025-40115","CVE-2025-40266"],"summary":"kernel security update","details":"The Linux Kernel, the operating system core itself.\r\n\r\nSecurity Fix(es):\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpt3sas: Fix crash in transport port remove by using ioc_info()\n\nDuring mpt3sas_transport_port_remove(), messages were logged with\ndev_printk() against &mpt3sas_port->port->dev. At this point the SAS\ntransport device may already be partially unregistered or freed, leading\nto a crash when accessing its struct device.\n\nUsing ioc_info(), which logs via the PCI device (ioc->pdev->dev),\nguaranteed to remain valid until driver removal.\n\n[83428.295776] Oops: general protection fault, probably for non-canonical address 0x6f702f323a33312d: 0000 [#1] SMP NOPTI\n[83428.295785] CPU: 145 UID: 0 PID: 113296 Comm: rmmod Kdump: loaded Tainted: G           OE       6.16.0-rc1+ #1 PREEMPT(voluntary)\n[83428.295792] Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n[83428.295795] Hardware name: Dell Inc. Precision 7875 Tower/, BIOS 89.1.67 02/23/2024\n[83428.295799] RIP: 0010:__dev_printk+0x1f/0x70\n[83428.295805] Code: 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 49 89 d1 48 85 f6 74 52 4c 8b 46 50 4d 85 c0 74 1f 48 8b 46 68 48 85 c0 74 22 <48> 8b 08 0f b6 7f 01 48 c7 c2 db e8 42 ad 83 ef 30 e9 7b f8 ff ff\n[83428.295813] RSP: 0018:ff85aeafc3137bb0 EFLAGS: 00010206\n[83428.295817] RAX: 6f702f323a33312d RBX: ff4290ee81292860 RCX: 5000cca25103be32\n[83428.295820] RDX: ff85aeafc3137bb8 RSI: ff4290eeb1966c00 RDI: ffffffffc1560845\n[83428.295823] RBP: ff85aeafc3137c18 R08: 74726f702f303a33 R09: ff85aeafc3137bb8\n[83428.295826] R10: ff85aeafc3137b18 R11: ff4290f5bd60fe68 R12: ff4290ee81290000\n[83428.295830] R13: ff4290ee6e345de0 R14: ff4290ee81290000 R15: ff4290ee6e345e30\n[83428.295833] FS:  00007fd9472a6740(0000) GS:ff4290f5ce96b000(0000) knlGS:0000000000000000\n[83428.295837] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[83428.295840] CR2: 00007f242b4db238 CR3: 00000002372b8006 CR4: 0000000000771ef0\n[83428.295844] PKRU: 55555554\n[83428.295846] Call Trace:\n[83428.295848]  <TASK>\n[83428.295850]  _dev_printk+0x5c/0x80\n[83428.295857]  ? srso_alias_return_thunk+0x5/0xfbef5\n[83428.295863]  mpt3sas_transport_port_remove+0x1c7/0x420 [mpt3sas]\n[83428.295882]  _scsih_remove_device+0x21b/0x280 [mpt3sas]\n[83428.295894]  ? _scsih_expander_node_remove+0x108/0x140 [mpt3sas]\n[83428.295906]  ? srso_alias_return_thunk+0x5/0xfbef5\n[83428.295910]  mpt3sas_device_remove_by_sas_address.part.0+0x8f/0x110 [mpt3sas]\n[83428.295921]  _scsih_expander_node_remove+0x129/0x140 [mpt3sas]\n[83428.295933]  _scsih_expander_node_remove+0x6a/0x140 [mpt3sas]\n[83428.295944]  scsih_remove+0x3f0/0x4a0 [mpt3sas]\n[83428.295957]  pci_device_remove+0x3b/0xb0\n[83428.295962]  device_release_driver_internal+0x193/0x200\n[83428.295968]  driver_detach+0x44/0x90\n[83428.295971]  bus_remove_driver+0x69/0xf0\n[83428.295975]  pci_unregister_driver+0x2a/0xb0\n[83428.295979]  _mpt3sas_exit+0x1f/0x300 [mpt3sas]\n[83428.295991]  __do_sys_delete_module.constprop.0+0x174/0x310\n[83428.295997]  ? srso_alias_return_thunk+0x5/0xfbef5\n[83428.296000]  ? __x64_sys_getdents64+0x9a/0x110\n[83428.296005]  ? srso_alias_return_thunk+0x5/0xfbef5\n[83428.296009]  ? syscall_trace_enter+0xf6/0x1b0\n[83428.296014]  do_syscall_64+0x7b/0x2c0\n[83428.296019]  ? srso_alias_return_thunk+0x5/0xfbef5\n[83428.296023]  entry_SYSCALL_64_after_hwframe+0x76/0x7e(CVE-2025-40115)\n\nIn the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Check the untrusted offset in FF-A memory share\n\nVerify the offset to prevent OOB access in the hypervisor\nFF-A buffer in case an untrusted large enough value\n[U32_MAX - sizeof(struct ffa_composite_mem_region) + 1, U32_MAX]\nis set from the host kernel.(CVE-2025-40266)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS","name":"kernel","purl":"pkg:rpm/openEuler/kernel&distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.6.0-129.0.0.114.oe2403"}]}],"ecosystem_specific":{"aarch64":["bpftool-6.6.0-129.0.0.114.oe2403.aarch64.rpm","bpftool-debuginfo-6.6.0-129.0.0.114.oe2403.aarch64.rpm","kernel-6.6.0-129.0.0.114.oe2403.aarch64.rpm","kernel-debuginfo-6.6.0-129.0.0.114.oe2403.aarch64.rpm","kernel-debugsource-6.6.0-129.0.0.114.oe2403.aarch64.rpm","kernel-devel-6.6.0-129.0.0.114.oe2403.aarch64.rpm","kernel-headers-6.6.0-129.0.0.114.oe2403.aarch64.rpm","kernel-source-6.6.0-129.0.0.114.oe2403.aarch64.rpm","kernel-tools-6.6.0-129.0.0.114.oe2403.aarch64.rpm","kernel-tools-debuginfo-6.6.0-129.0.0.114.oe2403.aarch64.rpm","kernel-tools-devel-6.6.0-129.0.0.114.oe2403.aarch64.rpm","perf-6.6.0-129.0.0.114.oe2403.aarch64.rpm","perf-debuginfo-6.6.0-129.0.0.114.oe2403.aarch64.rpm","python3-perf-6.6.0-129.0.0.114.oe2403.aarch64.rpm","python3-perf-debuginfo-6.6.0-129.0.0.114.oe2403.aarch64.rpm"],"src":["kernel-6.6.0-129.0.0.114.oe2403.src.rpm"],"x86_64":["bpftool-6.6.0-129.0.0.114.oe2403.x86_64.rpm","bpftool-debuginfo-6.6.0-129.0.0.114.oe2403.x86_64.rpm","kernel-6.6.0-129.0.0.114.oe2403.x86_64.rpm","kernel-debuginfo-6.6.0-129.0.0.114.oe2403.x86_64.rpm","kernel-debugsource-6.6.0-129.0.0.114.oe2403.x86_64.rpm","kernel-devel-6.6.0-129.0.0.114.oe2403.x86_64.rpm","kernel-headers-6.6.0-129.0.0.114.oe2403.x86_64.rpm","kernel-source-6.6.0-129.0.0.114.oe2403.x86_64.rpm","kernel-tools-6.6.0-129.0.0.114.oe2403.x86_64.rpm","kernel-tools-debuginfo-6.6.0-129.0.0.114.oe2403.x86_64.rpm","kernel-tools-devel-6.6.0-129.0.0.114.oe2403.x86_64.rpm","perf-6.6.0-129.0.0.114.oe2403.x86_64.rpm","perf-debuginfo-6.6.0-129.0.0.114.oe2403.x86_64.rpm","python3-perf-6.6.0-129.0.0.114.oe2403.x86_64.rpm","python3-perf-debuginfo-6.6.0-129.0.0.114.oe2403.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1077"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40115"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40266"}],"database_specific":{"severity":"Medium"}}