[El-errata] ELSA-2025-12662 Important: Oracle Linux 10 kernel security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Aug 12 20:36:43 UTC 2025
Oracle Linux Security Advisory ELSA-2025-12662
http://linux.oracle.com/errata/ELSA-2025-12662.html
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
kernel-abi-stablelists-6.12.0-55.25.1.0.1.el10_0.noarch.rpm
kernel-core-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
kernel-cross-headers-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
kernel-debug-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
kernel-debug-core-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
kernel-debug-devel-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
kernel-debug-devel-matched-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
kernel-debug-modules-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
kernel-debug-modules-core-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
kernel-debug-modules-extra-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
kernel-debug-uki-virt-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
kernel-devel-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
kernel-devel-matched-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
kernel-doc-6.12.0-55.25.1.0.1.el10_0.noarch.rpm
kernel-headers-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
kernel-modules-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
kernel-modules-core-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
kernel-modules-extra-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
kernel-tools-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
kernel-tools-libs-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
kernel-tools-libs-devel-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
kernel-uki-virt-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
kernel-uki-virt-addons-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
libperf-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
perf-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
python3-perf-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
rtla-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
rv-6.12.0-55.25.1.0.1.el10_0.x86_64.rpm
aarch64:
kernel-cross-headers-6.12.0-55.25.1.0.1.el10_0.aarch64.rpm
kernel-headers-6.12.0-55.25.1.0.1.el10_0.aarch64.rpm
kernel-tools-6.12.0-55.25.1.0.1.el10_0.aarch64.rpm
kernel-tools-libs-6.12.0-55.25.1.0.1.el10_0.aarch64.rpm
kernel-tools-libs-devel-6.12.0-55.25.1.0.1.el10_0.aarch64.rpm
libperf-6.12.0-55.25.1.0.1.el10_0.aarch64.rpm
perf-6.12.0-55.25.1.0.1.el10_0.aarch64.rpm
python3-perf-6.12.0-55.25.1.0.1.el10_0.aarch64.rpm
rtla-6.12.0-55.25.1.0.1.el10_0.aarch64.rpm
rv-6.12.0-55.25.1.0.1.el10_0.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kernel-6.12.0-55.25.1.0.1.el10_0.src.rpm
Related CVEs:
CVE-2025-21727
CVE-2025-21928
CVE-2025-21929
CVE-2025-22020
CVE-2025-22085
CVE-2025-22113
CVE-2025-37890
CVE-2025-38052
CVE-2025-38086
CVE-2025-38087
CVE-2025-38264
Description of changes:
[6.12.0-55.25.1.0.1]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Update module name for cryptographic module [Orabug: 37400433]
[6.12.0-55.25.1]
- Bump internal version to 55.25.1
- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice - CVE-2025-38001
- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() - CVE-2025-38000
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc - CVE-2025-37890
- sch_hfsc: make hfsc_qlen_notify() idempotent
- RDMA/core: Fix 'KASAN: slab-use-after-free Read in ib_register_device' problem - CVE-2025-38022
- RDMA/core: Fix use-after-free when rename device name - CVE-2025-22085
- nvme-tcp: sanitize request list handling - CVE-2025-38264
- net: tipc: fix refcount warning in tipc_aead_encrypt
- net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done - CVE-2025-38052
- tcp: adjust rcvq_space after updating scaling ratio
- ext4: avoid journaling sb update on error if journal is destroying - CVE-2025-22113
- ext4: define ext4_journal_destroy wrapper - CVE-2025-22113
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() - CVE-2025-21928
- HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() - CVE-2025-21929
- usb: hub: Fix flushing of delayed work used for post resume purposes
- usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm
- usb: hub: fix detection of high tier USB3 devices behind suspended hubs
- net/sched: fix use-after-free in taprio_dev_notifier - CVE-2025-38087
- net: ch9200: fix uninitialised access during mii_nway_restart - CVE-2025-38086
- padata: avoid UAF for reorder_work - CVE-2025-21726
- padata: fix UAF in padata_reorder - CVE-2025-21727
- padata: add pd get/put refcnt helper
- padata: fix sysfs store callback check
- padata: Clean up in padata_do_multithreaded()
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove -CVE-2025-22020
More information about the El-errata
mailing list