[El-errata] ELSA-2025-22395 Moderate: Oracle Linux 10 kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Dec 9 06:37:06 UTC 2025 

Oracle Linux Security Advisory ELSA-2025-22395

http://linux.oracle.com/errata/ELSA-2025-22395.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-abi-stablelists-6.12.0-124.16.1.el10_1.noarch.rpm
kernel-core-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-cross-headers-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-debug-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-debug-core-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-debug-devel-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-debug-devel-matched-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-debug-modules-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-debug-modules-core-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-debug-modules-extra-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-debug-uki-virt-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-devel-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-devel-matched-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-doc-6.12.0-124.16.1.el10_1.noarch.rpm
kernel-headers-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-modules-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-modules-core-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-modules-extra-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-modules-extra-matched-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-tools-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-tools-libs-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-tools-libs-devel-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-uki-virt-6.12.0-124.16.1.el10_1.x86_64.rpm
kernel-uki-virt-addons-6.12.0-124.16.1.el10_1.x86_64.rpm
libperf-6.12.0-124.16.1.el10_1.x86_64.rpm
perf-6.12.0-124.16.1.el10_1.x86_64.rpm
python3-perf-6.12.0-124.16.1.el10_1.x86_64.rpm
rtla-6.12.0-124.16.1.el10_1.x86_64.rpm
rv-6.12.0-124.16.1.el10_1.x86_64.rpm

aarch64:
kernel-cross-headers-6.12.0-124.16.1.el10_1.aarch64.rpm
kernel-headers-6.12.0-124.16.1.el10_1.aarch64.rpm
kernel-tools-6.12.0-124.16.1.el10_1.aarch64.rpm
kernel-tools-libs-6.12.0-124.16.1.el10_1.aarch64.rpm
kernel-tools-libs-devel-6.12.0-124.16.1.el10_1.aarch64.rpm
libperf-6.12.0-124.16.1.el10_1.aarch64.rpm
perf-6.12.0-124.16.1.el10_1.aarch64.rpm
python3-perf-6.12.0-124.16.1.el10_1.aarch64.rpm
rtla-6.12.0-124.16.1.el10_1.aarch64.rpm
rv-6.12.0-124.16.1.el10_1.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kernel-6.12.0-124.16.1.el10_1.src.rpm

Related CVEs:

CVE-2025-22068
CVE-2025-38724
CVE-2025-39883
CVE-2025-39898
CVE-2025-39918
CVE-2025-39971




Description of changes:

[6.12.0-124.16.1]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Update module name for cryptographic module [Orabug: 37400433]
- Clean git history at setup stage

[6.12.0-124.16.1]
- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (Xin Long) [RHEL-125759]
- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (CKI Backport Bot) [RHEL-119161] {CVE-2025-39883}

[6.12.0-124.15.1]
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CKI Backport Bot) [RHEL-125623] {CVE-2025-38724}
- wifi: mt76: free pending offchannel tx frames on wcid cleanup (Jose Ignacio Tornos Martinez) [RHEL-123070]
- wifi: mt76: do not add non-sta wcid entries to the poll list (Jose Ignacio Tornos Martinez) [RHEL-123070]
- wifi: mt76: fix linked list corruption (Jose Ignacio Tornos Martinez) [RHEL-123070] {CVE-2025-39918}

[6.12.0-124.14.1]
- ublk: make sure ubq->canceling is set when queue is frozen (Ming Lei) [RHEL-99436] {CVE-2025-22068}
- e1000e: fix heap overflow in e1000_set_eeprom (Corinna Vinschen) [RHEL-123127] {CVE-2025-39898}
- i40e: add mask to apply valid bits for itr_idx (Michal Schmidt) [RHEL-123811]
- i40e: add max boundary check for VF filters (Michal Schmidt) [RHEL-123811] {CVE-2025-39968}
- i40e: fix validation of VF state in get resources (Michal Schmidt) [RHEL-123811] {CVE-2025-39969}
- i40e: fix input validation logic for action_meta (Michal Schmidt) [RHEL-123811] {CVE-2025-39970}
- i40e: fix idx validation in config queues msg (Michal Schmidt) [RHEL-123811] {CVE-2025-39971}
- i40e: fix idx validation in i40e_validate_queue_map (Michal Schmidt) [RHEL-123811] {CVE-2025-39972}
- i40e: add validation for ring_len param (Michal Schmidt) [RHEL-123811] {CVE-2025-39973}
- nvme-multipath: Skip nr_active increments in RETRY disposition (Ewan D. Milne) [RHEL-123689]

More information about the El-errata mailing list