Oracle Linux Security Advisory ELSA-2025-20019

http://linux.oracle.com/errata/ELSA-2025-20019.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:


aarch64:
kernel-uek-5.4.17-2136.339.5.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.339.5.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.339.5.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.339.5.el8uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.339.5.el8uek.noarch.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.339.5.el8uek.src.rpm

Related CVEs:

CVE-2022-29901
CVE-2024-56644




Description of changes:

[5.4.17-2136.339.5.el8uek]
- tracing/kprobes: Skip symbol counting logic for module symbols in create_local_trace_kprobe() (Nikolay Kuratov) 
- vhost_scsi: log write descriptors (Dongli Zhang)  [Orabug: 37393533]
- vhost-scsi: protect vq->log_base with vq->mutex (Dongli Zhang)  [Orabug: 37393533]

[5.4.17-2136.339.4.el8uek]
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (Kashyap Desai)
- Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" (Aurelien Jarno)
- mm: revert "mm: shmem: fix data-race in shmem_getattr()" (Andrew Morton)
- net/ipv6: release expired exception dst cached in socket (Jiri Wiesner)
- Revert "unicode: Don't special case ignorable code points" (Linus Torvalds)
- powerpc/vdso: Flag VDSO64 entry points as functions (Christophe Leroy)
- Revert "usb: gadget: composite: fix OS descriptors w_value logic" (Michal Vrastil)

[5.4.17-2136.339.3.el8uek]
- Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" (Sherry Yang)  [Orabug: 37364531]
- rds: recv_payload_bad_checksum was not 0 after running rds-stress on UEK6 (William Kucharski)  [Orabug: 37265127]
- rds: If RDS Checksums are enabled for RDMA RDS operations, the extension headers will overflow causing incorrect operation (William Kucharski)  [Orabug: 37265125]
- rds: rds_message_alloc() needlessly zeroes m_used_sgs (William Kucharski)  [Orabug: 37265123]
- rds: tracepoint in rds_receive_csum_err() prints pointless information (William Kucharski)  [Orabug: 37265121]
- rds: rds_inc_init() should initialize the inc->i_conn_path field (William Kucharski)  [Orabug: 37265117]
- rds: Race condition in adding RDS payload checksum extension header may result in RDS header corruption (William Kucharski)  [Orabug: 37265115]
- md/raid10: fix task hung in raid10d (Li Nan)  [Orabug: 37126683]
- md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() (Yu Kuai)  [Orabug: 37126683]
- md/raid10: avoid deadlock on recovery. (Vitaly Mayatskikh)  [Orabug: 37126683]

[5.4.17-2136.339.2.el8uek]
- arm64/cpu_errata: Spectre-BHB mitigation for AMPERE1 expects a loop of 11 iterations. (Miguel Luis)  [Orabug: 37027863]

[5.4.17-2136.339.1.el8uek]
- net/rds: report pending-messages count in RDS_INQ response (Devesh Sharma)  [Orabug: 35596047] [Orabug: 35316633]
- net/rds: Introduce RDS-INQ feature to RDS protocol (Devesh Sharma)  [Orabug: 35316632] [Orabug: 37109336]
- net/rds: Supporting SIOCOUTQ to read pending sends (Devesh Sharma)  [Orabug: 34460809] [Orabug: 37072814]
- mm/memory-failure: pass the folio and the page to collect_procs() (Matthew Wilcox (Oracle))  [Orabug: 37270264]
- KVM: x86: Stop compiling vmenter.S with OBJECT_FILES_NON_STANDARD (Sean Christopherson)  [Orabug: 37273706]
- KVM: SVM: Create a stack frame in __svm_vcpu_run() for unwinding (Sean Christopherson)  [Orabug: 37273706]
- objtool: Default ignore INT3 for unreachable (Peter Zijlstra)  [Orabug: 37273706] {CVE-2022-29901}
- x86/spec_ctrl: AMD AutoIBRS cannot be dynamically enabled or disabled (Alexandre Chartre)  [Orabug: 37310552]
- x86/msr: Add functions to set/clear the bit of an MSR on all cpus (Alexandre Chartre)  [Orabug: 37310552]


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle8: ELSA-2025-20019: kernel Important Security Advisory Updates

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Summary

[5.4.17-2136.339.5.el8uek] - tracing/kprobes: Skip symbol counting logic for module symbols in create_local_trace_kprobe() (Nikolay Kuratov) - vhost_scsi: log write descriptors (Dongli Zhang) [Orabug: 37393533] - vhost-scsi: protect vq->log_base with vq->mutex (Dongli Zhang) [Orabug: 37393533] [5.4.17-2136.339.4.el8uek] - RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (Kashyap Desai) - Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" (Aurelien Jarno) - mm: revert "mm: shmem: fix data-race in shmem_getattr()" (Andrew Morton) - net/ipv6: release expired exception dst cached in socket (Jiri Wiesner) - Revert "unicode: Don't special case ignorable code points" (Linus Torvalds) - powerpc/vdso: Flag VDSO64 entry points as functions (Christophe Leroy) - Revert "usb: gadget: composite: fix OS descriptors w_value logic" (Michal Vrastil) [5.4.17-2136.339.3.el8uek] - Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" (Sherry Yang) [Orab...

Read the Full Advisory

SRPMs

http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.339.5.el8uek.src.rpm

x86_64

aarch64

kernel-uek-5.4.17-2136.339.5.el8uek.aarch64.rpm kernel-uek-debug-5.4.17-2136.339.5.el8uek.aarch64.rpm kernel-uek-debug-devel-5.4.17-2136.339.5.el8uek.aarch64.rpm kernel-uek-devel-5.4.17-2136.339.5.el8uek.aarch64.rpm kernel-uek-doc-5.4.17-2136.339.5.el8uek.noarch.rpm

i386

Severity
Related CVEs: CVE-2022-29901 CVE-2024-56644

Related News

Parrot OS 6.3: Elevating Security with Enhanced Features & Tools
3 - 5 min read
Parrot OS 6.3 has just arrived , bringing crucial updates that security admins should note. This latest version of the popular secure Linux
Linux Kernel 6.14 Released: Top Security Features You Need to Know
3 - 6 min read
With the release of Linux kernel 6.14 , admins and Linux users have many new features and enhancements to look forward to - especially in the realm
Don
2 - 4 min read
Google recently issued a crucial Chrome update that those using a version of the browser prior to version 132.0.6834.110 should implement
Intel Brings Next-Level Security to Linux with Partner Security Engine
3 - 6 min read
Intel recently introduced a game-changer in hardware security with its new Partner Security Engine integrated into the Core Ultra Series 2. This
A Tiny Linux Kernel Tweak with Massive Implications for Datacenter Efficiency
3 - 6 min read
In a groundbreaking development, security researchers have introduced a small but mighty tweak to the Linux kernel that promises to cut data center
Best Practices for Securing Linux Systems Against Malicious Bots
3 - 6 min read
Linux systems have long been an indispensable asset to businesses and individuals alike. From running servers and cloud infrastructure to powering
Securing Open-Source Projects with Automated Testing on Linux
4 - 7 min read
Open-source project security testing focuses on many components, ensuring there are no safety vulnerabilities. These components include physical
KaOS Linux 2025.01: Merging Security with Practicality
3 - 6 min read
As the realm of Linux distribution expands, security admins find themselves faced with choosing a system that fits operational needs and upholds

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved