[El-errata] ELSA-2025-12746 Important: Oracle Linux 9 kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Aug 7 21:27:33 UTC 2025 

Oracle Linux Security Advisory ELSA-2025-12746

http://linux.oracle.com/errata/ELSA-2025-12746.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
kernel-abi-stablelists-5.14.0-570.32.1.0.1.el9_6.noarch.rpm
kernel-core-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
kernel-cross-headers-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
kernel-debug-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
kernel-debug-core-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
kernel-debug-devel-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
kernel-debug-devel-matched-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
kernel-debug-modules-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
kernel-debug-modules-core-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
kernel-debug-modules-extra-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
kernel-debug-uki-virt-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
kernel-devel-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
kernel-devel-matched-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
kernel-doc-5.14.0-570.32.1.0.1.el9_6.noarch.rpm
kernel-headers-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
kernel-modules-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
kernel-modules-core-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
kernel-modules-extra-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
kernel-tools-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
kernel-tools-libs-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
kernel-tools-libs-devel-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
kernel-uki-virt-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
kernel-uki-virt-addons-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
libperf-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
perf-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
python3-perf-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
rtla-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm
rv-5.14.0-570.32.1.0.1.el9_6.x86_64.rpm

aarch64:
kernel-cross-headers-5.14.0-570.32.1.0.1.el9_6.aarch64.rpm
kernel-headers-5.14.0-570.32.1.0.1.el9_6.aarch64.rpm
kernel-tools-5.14.0-570.32.1.0.1.el9_6.aarch64.rpm
kernel-tools-libs-5.14.0-570.32.1.0.1.el9_6.aarch64.rpm
kernel-tools-libs-devel-5.14.0-570.32.1.0.1.el9_6.aarch64.rpm
perf-5.14.0-570.32.1.0.1.el9_6.aarch64.rpm
python3-perf-5.14.0-570.32.1.0.1.el9_6.aarch64.rpm
rtla-5.14.0-570.32.1.0.1.el9_6.aarch64.rpm
rv-5.14.0-570.32.1.0.1.el9_6.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-570.32.1.0.1.el9_6.src.rpm

Related CVEs:

CVE-2022-49788
CVE-2025-21727
CVE-2025-21928
CVE-2025-21929
CVE-2025-21962
CVE-2025-22020
CVE-2025-37890
CVE-2025-38052
CVE-2025-38087




Description of changes:

[5.14.0-570.32.1.0.1.el9_6.OL9]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]

[5.14.0-570.32.1.el9_6]
- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (Davide Caratti) [RHEL-97522] {CVE-2025-38001 CVE-2025-37890}
- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (Davide Caratti) [RHEL-97522] {CVE-2025-38000}
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (Davide Caratti) [RHEL-97522] {CVE-2025-37890}
- sch_hfsc: make hfsc_qlen_notify() idempotent (Ivan Vecera) [RHEL-97522]
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CKI Backport Bot) [RHEL-98847] {CVE-2025-21928}
- HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() (CKI Backport Bot) [RHEL-98871] {CVE-2025-21929}

[5.14.0-570.31.1.el9_6]
- Bluetooth: btusb: avoid NULL pointer dereference in skb_dequeue() (David Marlin) [RHEL-95324] {CVE-2025-37918}
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (Desnes Nunes) [RHEL-99029] {CVE-2025-22020}
- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (John W. Linville) [RHEL-97499] {CVE-2022-49788}
- net: tipc: fix refcount warning in tipc_aead_encrypt (Xin Long) [RHEL-103087]
- net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done (CKI Backport Bot) [RHEL-103087] {CVE-2025-38052}
- md/raid1: Add check for missing source disk in process_checks() (CKI Backport Bot) [RHEL-97439]
- net/sched: fix use-after-free in taprio_dev_notifier (CKI Backport Bot) [RHEL-101317] {CVE-2025-38087}
- padata: avoid UAF for reorder_work (Rafael Aquini) [RHEL-97031] {CVE-2025-21727 CVE-2025-21726}
- padata: fix UAF in padata_reorder (Rafael Aquini) [RHEL-97031] {CVE-2025-21727}
- padata: add pd get/put refcnt helper (Rafael Aquini) [RHEL-97031] {CVE-2025-21727}
- padata: fix sysfs store callback check (Rafael Aquini) [RHEL-97031] {CVE-2025-21727}
- padata: Clean up in padata_do_multithreaded() (Rafael Aquini) [RHEL-97031] {CVE-2025-21727}
- platform/x86: dell_rbu: Fix list usage (David Arcari) [RHEL-100908]
- cifs: Fix integer overflow while processing closetimeo mount option (CKI Backport Bot) [RHEL-87900] {CVE-2025-21962}

More information about the El-errata mailing list