Oracle Linux Security Advisory ELSA-2025-20018

http://linux.oracle.com/errata/ELSA-2025-20018.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:


aarch64:
bpftool-5.15.0-304.171.4.el9uek.aarch64.rpm
kernel-uek-5.15.0-304.171.4.el9uek.aarch64.rpm
kernel-uek-container-5.15.0-304.171.4.el9uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-304.171.4.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-304.171.4.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-304.171.4.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-304.171.4.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-304.171.4.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-304.171.4.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-304.171.4.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-304.171.4.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-304.171.4.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-304.171.4.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-304.171.4.el9uek.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-304.171.4.el9uek.src.rpm

Related CVEs:

CVE-2024-46770
CVE-2024-53060
CVE-2024-53070
CVE-2024-53097
CVE-2024-53206
CVE-2024-53226




Description of changes:

[5.15.0-304.171.4.el9uek]
- Revert "unicode: Don't special case ignorable code points" (Linus Torvalds) 
- Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" (Aurelien Jarno) 
- tcp: Fix use-after-free of nreq in reqsk_timer_handler(). (Kuniyuki Iwashima) 
- lib/buildid: Fix build ID parsing logic (Jiri Olsa) 
- powerpc/vdso: Flag VDSO64 entry points as functions (Christophe Leroy) 
- mm: krealloc: Fix MTE false alarm in __do_krealloc (Qun-Wei Lin) 
- Revert "ALSA: hda/conexant: Mute speakers at suspend / shutdown" (Jarosław Janik) 
- usb: dwc3: fix fault at system suspend if device was already runtime suspended (Roger Quadros) 
- ACPI: PRM: Clean up guid type in struct prm_handler_info (Dan Carpenter) 
- RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (Junxian Huang) 
- mm: revert "mm: shmem: fix data-race in shmem_getattr()" (Andrew Morton) 
- ACPI: CPPC: Fix _CPC register setting issue (Lifeng Zheng) 
- scsi: qla2xxx: Fix abort in bsg timeout (Quinn Tran) 
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (Antonio Quartulli) 
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (Kashyap Desai) 
- vhost_scsi: log write descriptors (Dongli Zhang)  [Orabug: 37393531]
- vhost-scsi: protect vq->log_base with vq->mutex (Dongli Zhang)  [Orabug: 37393531]

[5.15.0-304.171.3.el9uek]
- build: populate modules_thick.builtin for dirs containing only modules (Nick Alcock)  [Orabug: 37381702]
- mtd: fix use-after-free in mtd release (Alexander Usyskin)  [Orabug: 37371929]
- mtd: Clean refcounting with MTD_PARTITIONED_MASTER (Miquel Raynal)  [Orabug: 37371929]
- mtd: call external _get and _put in right order (Alexander Usyskin)  [Orabug: 37371929]
- nvmem: core: Check input parameter for NULL in nvmem_unregister() (Andy Shevchenko)  [Orabug: 37371929]
- Revert "ocfs2: fix the la space leak when unmounting an ocfs2 volume" (Sherry Yang)  [Orabug: 37364544]
- x86/pkeys: Ensure updated PKRU value is XRSTOR'd (Aruna Ramakrishna)  [Orabug: 37361290]
- x86/pkeys: Change caller of update_pkru_in_sigframe() (Aruna Ramakrishna)  [Orabug: 37361290]
- cgroup: cgroup-v1: do not exclude cgrp_dfl_root (Vishal Verma)  [Orabug: 37347419]
- mm/memcontrol: Fix memcg stat calculation (Aruna Ramakrishna)  [Orabug: 37306542]

[5.15.0-304.171.2.el9uek]
- uek-rpm: Add mstflint_access module to the core list (Thomas Tai)  [Orabug: 37345530]
- uek-rpm/ol8/config-aarch64-emb3: Enable CONFIG_ARM_SDE_INTERFACE (Thomas Tai)  [Orabug: 37345530]
- sunrpc: fix a NULL deref in svc_process() when ->sv_stats doesn't exist (Calum Mackay)  [Orabug: 37329531]
- Partial revert "rds: Add inc/frag cache statistics" (Hans Westgaard Ry)  [Orabug: 37232315]

[5.15.0-304.171.1.el9uek]
- kpcimgr: assign CPU to handle PCIE transactions during kexec (Joe Dobosenski)  [Orabug: 37295980]
- kexec: update start address for LPI table data (Joe Dobosenski)  [Orabug: 37295980]
- kpcimgr: fix flush_icache_range arguments (Joe Dobosenski)  [Orabug: 37295980]
- embedded2: Enable CONFIG_SQUASHFS_ZSTD to support zstd compression (Joe Dobosenski)  [Orabug: 37295980]
- embedded2: Support booting an encrypted root filesystem (Joe Dobosenski)  [Orabug: 37295980]
- Update embedded2 config for UEK7 (Joe Dobosenski)  [Orabug: 37295980]
- Pensando: kernel config changes for kdump (Rob Gardner)  [Orabug: 34091165] [Orabug: 37295980]
- arm64: Reserve elfcorehdr before scanning reserved memory from device tree (Joe Dobosenski)  [Orabug: 37295980]
- arm64: kexec: add support for kexec with spin-table (Henry Willard)  [Orabug: 32549965] [Orabug: 37295980]
- drivers/soc/pensando/cap_mem.c: Support DM region mapping. (David Clear)  [Orabug: 37295980]
- drivers/edac: elba: Support multiple DDR bypass ranges. (David Clear)  [Orabug: 37295980]
- mmc: sdhci-cadence: Enable host driver defined bounce buffer (Brad Larson)  [Orabug: 37295980]
- Fix NULL pointer dereference in cn_filter() (Anjali Kulkarni)  [Orabug: 37280567]
- selftests: connector: Fix input argument error paths to skip (Shuah Khan)  [Orabug: 37280567]
- connector/cn_proc: Selftest for proc connector (Anjali Kulkarni)  [Orabug: 37280567]
- connector/cn_proc: Allow non-root users access (Anjali Kulkarni)  [Orabug: 37280567]
- connector/cn_proc: Performance improvements (Anjali Kulkarni)  [Orabug: 37280567]
- connector/cn_proc: Add filtering to fix some bugs (Anjali Kulkarni)  [Orabug: 37280567]
- netlink: Add new netlink_release function (Anjali Kulkarni)  [Orabug: 37280567]
- ice: Add netif_device_attach/detach into PF reset flow (Dawid Osuchowski)  [Orabug: 37214589] {CVE-2024-46770}


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata