[El-errata] ELSA-2025-13602 Moderate: Oracle Linux 9 kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Aug 14 07:07:07 UTC 2025 

Oracle Linux Security Advisory ELSA-2025-13602

http://linux.oracle.com/errata/ELSA-2025-13602.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
kernel-abi-stablelists-5.14.0-570.33.2.0.1.el9_6.noarch.rpm
kernel-core-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
kernel-cross-headers-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
kernel-debug-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
kernel-debug-core-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
kernel-debug-devel-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
kernel-debug-devel-matched-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
kernel-debug-modules-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
kernel-debug-modules-core-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
kernel-debug-modules-extra-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
kernel-debug-uki-virt-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
kernel-devel-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
kernel-devel-matched-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
kernel-doc-5.14.0-570.33.2.0.1.el9_6.noarch.rpm
kernel-headers-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
kernel-modules-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
kernel-modules-core-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
kernel-modules-extra-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
kernel-tools-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
kernel-tools-libs-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
kernel-tools-libs-devel-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
kernel-uki-virt-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
kernel-uki-virt-addons-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
libperf-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
perf-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
python3-perf-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
rtla-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm
rv-5.14.0-570.33.2.0.1.el9_6.x86_64.rpm

aarch64:
kernel-cross-headers-5.14.0-570.33.2.0.1.el9_6.aarch64.rpm
kernel-headers-5.14.0-570.33.2.0.1.el9_6.aarch64.rpm
kernel-tools-5.14.0-570.33.2.0.1.el9_6.aarch64.rpm
kernel-tools-libs-5.14.0-570.33.2.0.1.el9_6.aarch64.rpm
kernel-tools-libs-devel-5.14.0-570.33.2.0.1.el9_6.aarch64.rpm
perf-5.14.0-570.33.2.0.1.el9_6.aarch64.rpm
python3-perf-5.14.0-570.33.2.0.1.el9_6.aarch64.rpm
rtla-5.14.0-570.33.2.0.1.el9_6.aarch64.rpm
rv-5.14.0-570.33.2.0.1.el9_6.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-570.33.2.0.1.el9_6.src.rpm

Related CVEs:

CVE-2025-38079
CVE-2025-38292




Description of changes:

[5.14.0-570.33.2.0.1.el9_6.OL9]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]

[5.14.0-570.33.2.el9_6]
- Revert "sch_htb: make htb_qlen_notify() idempotent" (Patrick Talbert) [RHEL-108138]
- Revert "sch_drr: make drr_qlen_notify() idempotent" (Patrick Talbert) [RHEL-108138]
- Revert "sch_qfq: make qfq_qlen_notify() idempotent" (Patrick Talbert) [RHEL-108138]
- Revert "codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()" (Patrick Talbert) [RHEL-108138]
- Revert "sch_htb: make htb_deactivate() idempotent" (Patrick Talbert) [RHEL-108138]
- Revert "net/sched: Always pass notifications when child class becomes empty" (Patrick Talbert) [RHEL-108138]

[5.14.0-570.33.1.el9_6]
- net/sched: Always pass notifications when child class becomes empty (CKI Backport Bot) [RHEL-93387] {CVE-2025-38350}
- sch_htb: make htb_deactivate() idempotent (CKI Backport Bot) [RHEL-93387] {CVE-2025-38350}
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (CKI Backport Bot) [RHEL-93387] {CVE-2025-38350}
- sch_qfq: make qfq_qlen_notify() idempotent (CKI Backport Bot) [RHEL-93387] {CVE-2025-38350}
- sch_drr: make drr_qlen_notify() idempotent (CKI Backport Bot) [RHEL-93387] {CVE-2025-38350}
- sch_htb: make htb_qlen_notify() idempotent (CKI Backport Bot) [RHEL-93387] {CVE-2025-38350}
- redhat: update BUILD_TARGET to rhel-9.6.0-z-test-pesign (Jan Stancek)
- PCI: Use downstream bridges for distributing resources (Jennifer Berringer) [RHEL-102666]
- PCI/ACS: Fix 'pci=config_acs=' parameter (Charles Mirabile) [RHEL-102652]
- PCI: Fix pci_enable_acs() support for the ACS quirks (Charles Mirabile) [RHEL-102652]
- Documentation: Fix pci=config_acs= example (Charles Mirabile) [RHEL-102652]
- Revert "PCI: Wait for device readiness with Configuration RRS" (John W. Linville) [RHEL-94414]
- bnxt_en: Skip MAC loopback selftest if it is unsupported by FW (CKI Backport Bot) [RHEL-82564]
- bnxt_en: Skip PHY loopback ethtool selftest if unsupported by FW (CKI Backport Bot) [RHEL-82564]
- wifi: ath12k: fix invalid access to memory (CKI Backport Bot) [RHEL-103219] {CVE-2025-38292}
- crypto: algif_hash - fix double free in hash_accept (CKI Backport Bot) [RHEL-102235] {CVE-2025-38079}

More information about the El-errata mailing list