Oracle Linux Security Advisory ELSA-2025-0578

http://linux.oracle.com/errata/ELSA-2025-0578.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-7.4.0-503.22.1.el9_5.x86_64.rpm
kernel-5.14.0-503.22.1.el9_5.x86_64.rpm
kernel-abi-stablelists-5.14.0-503.22.1.el9_5.noarch.rpm
kernel-core-5.14.0-503.22.1.el9_5.x86_64.rpm
kernel-debug-5.14.0-503.22.1.el9_5.x86_64.rpm
kernel-debug-core-5.14.0-503.22.1.el9_5.x86_64.rpm
kernel-debug-devel-5.14.0-503.22.1.el9_5.x86_64.rpm
kernel-debug-devel-matched-5.14.0-503.22.1.el9_5.x86_64.rpm
kernel-debug-modules-5.14.0-503.22.1.el9_5.x86_64.rpm
kernel-debug-modules-core-5.14.0-503.22.1.el9_5.x86_64.rpm
kernel-debug-modules-extra-5.14.0-503.22.1.el9_5.x86_64.rpm
kernel-debug-uki-virt-5.14.0-503.22.1.el9_5.x86_64.rpm
kernel-devel-5.14.0-503.22.1.el9_5.x86_64.rpm
kernel-devel-matched-5.14.0-503.22.1.el9_5.x86_64.rpm
kernel-doc-5.14.0-503.22.1.el9_5.noarch.rpm
kernel-headers-5.14.0-503.22.1.el9_5.x86_64.rpm
kernel-modules-5.14.0-503.22.1.el9_5.x86_64.rpm
kernel-modules-core-5.14.0-503.22.1.el9_5.x86_64.rpm
kernel-modules-extra-5.14.0-503.22.1.el9_5.x86_64.rpm
kernel-tools-5.14.0-503.22.1.el9_5.x86_64.rpm
kernel-tools-libs-5.14.0-503.22.1.el9_5.x86_64.rpm
kernel-uki-virt-5.14.0-503.22.1.el9_5.x86_64.rpm
kernel-uki-virt-addons-5.14.0-503.22.1.el9_5.x86_64.rpm
perf-5.14.0-503.22.1.el9_5.x86_64.rpm
python3-perf-5.14.0-503.22.1.el9_5.x86_64.rpm
rtla-5.14.0-503.22.1.el9_5.x86_64.rpm
rv-5.14.0-503.22.1.el9_5.x86_64.rpm
kernel-cross-headers-5.14.0-503.22.1.el9_5.x86_64.rpm
kernel-tools-libs-devel-5.14.0-503.22.1.el9_5.x86_64.rpm
libperf-5.14.0-503.22.1.el9_5.x86_64.rpm

aarch64:
bpftool-7.4.0-503.22.1.el9_5.aarch64.rpm
kernel-headers-5.14.0-503.22.1.el9_5.aarch64.rpm
kernel-tools-5.14.0-503.22.1.el9_5.aarch64.rpm
kernel-tools-libs-5.14.0-503.22.1.el9_5.aarch64.rpm
perf-5.14.0-503.22.1.el9_5.aarch64.rpm
python3-perf-5.14.0-503.22.1.el9_5.aarch64.rpm
rtla-5.14.0-503.22.1.el9_5.aarch64.rpm
rv-5.14.0-503.22.1.el9_5.aarch64.rpm
kernel-cross-headers-5.14.0-503.22.1.el9_5.aarch64.rpm
kernel-tools-libs-devel-5.14.0-503.22.1.el9_5.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-5.14.0-503.22.1.el9_5.src.rpm

Related CVEs:

CVE-2024-50154
CVE-2024-50275
CVE-2024-53088




Description of changes:

[5.14.0-503.22.1.el9_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-503.22.1.el9_5]
- [s390] zcore: WRITE is "data source", not destination... (CKI Backport Bot) [RHEL-63078]
- arm64/sve: Discard stale CPU state when handling SVE traps (Mark Salter) [RHEL-72218] {CVE-2024-50275}
- bpf: Use raw_spinlock_t in ringbuf (Luis Claudio R. Goncalves) [RHEL-68992 RHEL-20608]
- rh_messages.h: un-unmaintain hfi1 (CKI Backport Bot) [RHEL-71322]
- scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (Dick Kennedy) [RHEL-66055 RHEL-53595]
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (Dick Kennedy) [RHEL-66055 RHEL-53595]
- ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Use single token list for the copiers (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Use correct queue_id for requesting input pin format (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Adjust the params based on DAI formats (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Improve readability of sof_ipc4_prepare_dai_copier() (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology/pcm: Rename sof_ipc4_copier_is_single_format() (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Print out the channel count in sof_ipc4_dbg_audio_format (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: support tdm slot number query (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc3-topology: support tdm slot number query (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: sof-audio: add sof_dai_get_tdm_slots function (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: sof-audio: rename dai clock setting query function (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Add support for NHLT with 16-bit only DMIC blob (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Correct DAI copier config and NHLT blob request (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Allow selective update in sof_ipc4_update_hw_params (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: remove shadowed variable (Jaroslav Kysela) [RHEL-62030]
- Revert "ixgbe: Manual AN-37 for troublesome link partners for X550 SFI" (Ivan Vecera) [RHEL-65624]
- KVM: SVM: Propagate error from snp_guest_req_init() to userspace (Bandan Das) [RHEL-68361 RHEL-65840]
- KVM: SEV: Provide support for SNP_EXTENDED_GUEST_REQUEST NAE event (Bandan Das) [RHEL-68361 RHEL-65840]
- x86/sev: Move sev_guest.h into common SEV header (Bandan Das) [RHEL-68361 RHEL-65840]
- KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event (Bandan Das) [RHEL-68361 RHEL-65840]
- i40e: fix race condition by adding filter's intermediate sync state (CKI Backport Bot) [RHEL-69809] {CVE-2024-53088}
- ice: fix truesize operations for PAGE_SIZE >= 8192 (CKI Backport Bot) [RHEL-70660 RHEL-37905]
- ice: fix ICE_LAST_OFFSET formula (CKI Backport Bot) [RHEL-70660 RHEL-37905]
- ice: fix page reuse when PAGE_SIZE is over 8k (CKI Backport Bot) [RHEL-70660 RHEL-37905]
- nvme-fabrics: handle zero MAXCMD without closing the connection (Maurizio Lombardi) [RHEL-72970]
- selftests: netfilter: add test case for recent mismatch bug (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nf_tables: unconditionally flush pending work before notifier (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nft_set_pipapo_avx2: disable softinterrupts (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nf_set_pipapo: fix initial map fill (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nf_tables: store new sets in dedicated list (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level() (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nft_socket: make cgroupsv2 matching work with namespaces (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nft_socket: fix sk refcount leaks (Florian Westphal) [RHEL-71357 RHEL-60554]
- tcp: Fix use-after-free of nreq in reqsk_timer_handler(). (Guillaume Nault) [RHEL-70541 RHEL-70449]
- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). (Guillaume Nault) [RHEL-66329 RHEL-66328] {CVE-2024-50154}
- rcu: Use system_unbound_wq to avoid disturbing isolated CPUs (Waiman Long) [RHEL-61329 RHEL-50220]
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (Cathy Avery) [RHEL-71393 RHEL-9848]
- scsi: storvsc: Handle additional SRB status values (Cathy Avery) [RHEL-71393 RHEL-9848]


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle9: ELSA-2025-0578: kernel security Moderate Security Advisory Updates
