Oracle Linux Security Advisory ELSA-2025-0059

http://linux.oracle.com/errata/ELSA-2025-0059.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-7.4.0-503.21.1.el9_5.x86_64.rpm
kernel-5.14.0-503.21.1.el9_5.x86_64.rpm
kernel-abi-stablelists-5.14.0-503.21.1.el9_5.noarch.rpm
kernel-core-5.14.0-503.21.1.el9_5.x86_64.rpm
kernel-debug-5.14.0-503.21.1.el9_5.x86_64.rpm
kernel-debug-core-5.14.0-503.21.1.el9_5.x86_64.rpm
kernel-debug-devel-5.14.0-503.21.1.el9_5.x86_64.rpm
kernel-debug-devel-matched-5.14.0-503.21.1.el9_5.x86_64.rpm
kernel-debug-modules-5.14.0-503.21.1.el9_5.x86_64.rpm
kernel-debug-modules-core-5.14.0-503.21.1.el9_5.x86_64.rpm
kernel-debug-modules-extra-5.14.0-503.21.1.el9_5.x86_64.rpm
kernel-debug-uki-virt-5.14.0-503.21.1.el9_5.x86_64.rpm
kernel-devel-5.14.0-503.21.1.el9_5.x86_64.rpm
kernel-devel-matched-5.14.0-503.21.1.el9_5.x86_64.rpm
kernel-doc-5.14.0-503.21.1.el9_5.noarch.rpm
kernel-headers-5.14.0-503.21.1.el9_5.x86_64.rpm
kernel-modules-5.14.0-503.21.1.el9_5.x86_64.rpm
kernel-modules-core-5.14.0-503.21.1.el9_5.x86_64.rpm
kernel-modules-extra-5.14.0-503.21.1.el9_5.x86_64.rpm
kernel-tools-5.14.0-503.21.1.el9_5.x86_64.rpm
kernel-tools-libs-5.14.0-503.21.1.el9_5.x86_64.rpm
kernel-uki-virt-5.14.0-503.21.1.el9_5.x86_64.rpm
kernel-uki-virt-addons-5.14.0-503.21.1.el9_5.x86_64.rpm
perf-5.14.0-503.21.1.el9_5.x86_64.rpm
python3-perf-5.14.0-503.21.1.el9_5.x86_64.rpm
rtla-5.14.0-503.21.1.el9_5.x86_64.rpm
rv-5.14.0-503.21.1.el9_5.x86_64.rpm
kernel-cross-headers-5.14.0-503.21.1.el9_5.x86_64.rpm
kernel-tools-libs-devel-5.14.0-503.21.1.el9_5.x86_64.rpm
libperf-5.14.0-503.21.1.el9_5.x86_64.rpm

aarch64:
bpftool-7.4.0-503.21.1.el9_5.aarch64.rpm
kernel-cross-headers-5.14.0-503.21.1.el9_5.aarch64.rpm
kernel-headers-5.14.0-503.21.1.el9_5.aarch64.rpm
kernel-tools-5.14.0-503.21.1.el9_5.aarch64.rpm
kernel-tools-libs-5.14.0-503.21.1.el9_5.aarch64.rpm
kernel-tools-libs-devel-5.14.0-503.21.1.el9_5.aarch64.rpm
perf-5.14.0-503.21.1.el9_5.aarch64.rpm
python3-perf-5.14.0-503.21.1.el9_5.aarch64.rpm
rtla-5.14.0-503.21.1.el9_5.aarch64.rpm
rv-5.14.0-503.21.1.el9_5.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-5.14.0-503.21.1.el9_5.src.rpm

Related CVEs:

CVE-2024-46713
CVE-2024-50208
CVE-2024-50252
CVE-2024-53122




Description of changes:

[5.14.0-503.21.1.el9_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-503.21.1.el9_5]
- mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (CKI Backport Bot) [RHEL-66899] {CVE-2024-50252}
- CVE-2024-53122 mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (Patrick Talbert) [RHEL-70083 RHEL-69670] {CVE-2024-53122}
- mm: make show_free_areas() static (Aristeu Rozanski) [RHEL-66998 RHEL-27743]
- mm: remove arguments of show_mem() (Aristeu Rozanski) [RHEL-66998 RHEL-27743]
- KVM: s390: Change virtual to physical address access in diag 0x258 handler (Thomas Huth) [RHEL-67922 RHEL-65229]
- KVM: s390: gaccess: Check if guest address is in memslot (Thomas Huth) [RHEL-67922 RHEL-65229]
- KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (Thomas Huth) [RHEL-67922 RHEL-65229]
- s390/uv: Panic for set and remove shared access UVC errors (Thomas Huth) [RHEL-67922 RHEL-65229]
- KVM: s390: remove useless include (Thomas Huth) [RHEL-67922 RHEL-65229]
- s390/mm: Re-enable the shared zeropage for !PV and !skeys KVM guests (Thomas Huth) [RHEL-67922 RHEL-65229]
- mm/userfaultfd: Do not place zeropages when zeropages are disallowed (Thomas Huth) [RHEL-67922 RHEL-65229]
- s390: allow pte_offset_map_lock() to fail (Thomas Huth) [RHEL-67922 RHEL-54248]
- KVM: s390: vsie: Use virt_to_phys for crypto control block (Thomas Huth) [RHEL-67922 RHEL-65229]
- KVM: s390: vsie: Use virt_to_phys for facility control block (Thomas Huth) [RHEL-67922 RHEL-65229]
- gfs2: Prevent inode creation race (Andreas Gruenbacher) [RHEL-68137 RHEL-68102]
- gfs2: Only defer deletes when we have an iopen glock (Andreas Gruenbacher) [RHEL-68137 RHEL-68102]
- gfs2: Randomize GLF_VERIFY_DELETE work delay (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Use mod_delayed_work in gfs2_queue_try_to_evict (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Update to the evict / remote delete documentation (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Call gfs2_queue_verify_delete from gfs2_evict_inode (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Clean up delete work processing (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Minor delete_work_func cleanup (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Return enum evict_behavior from gfs2_upgrade_iopen_glock (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Rename dinode_demise to evict_behavior (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Faster gfs2_upgrade_iopen_glock wakeups (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Fix unlinked inode cleanup (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Allow immediate GLF_VERIFY_DELETE work (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Initialize gl_no_formal_ino earlier (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Rename GLF_VERIFY_EVICT to GLF_VERIFY_DELETE (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: make timeout values more explicit (Wolfram Sang) [RHEL-62105 RHEL-60945]
- gfs2: Simplify function gfs2_upgrade_iopen_glock (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Rename SDF_DEACTIVATING to SDF_KILL (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- smb: client: fix use-after-free of signing key (Jay Shin) [RHEL-69306 RHEL-66206]
- net/iucv: fix use after free in iucv_sock_close() (Mete Durlu) [RHEL-60300 RHEL-53992]
- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (CKI Backport Bot) [RHEL-70294]

[5.14.0-503.20.1.el9_5]
- bnxt_en: Add support for user configured RSS key (Michal Schmidt) [RHEL-68699 RHEL-54645]
- bnxt_en: Add function to calculate Toeplitz hash (Michal Schmidt) [RHEL-68699 RHEL-54645]
- kvm: Note an RCU quiescent state on guest exit (Leonardo Bras) [RHEL-65734 RHEL-20288]
- rcu: Add rcutree.nohz_full_patience_delay to reduce nohz_full OS jitter (Leonardo Bras) [RHEL-65734 RHEL-20288]
- context_tracking: Fix KCSAN noinstr violation (Leonardo Bras) [RHEL-65734 RHEL-20288]
- perf/aux: Fix AUX buffer serialization (Michael Petlan) [RHEL-67495] {CVE-2024-46713}
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (Mohammad Heib) [RHEL-66669 RHEL-52759] {CVE-2024-50208}


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle9: ELSA-2025-0059: kernel security Important Security Advisory Updates
