[El-errata] ELSA-2025-11861 Moderate: Oracle Linux 9 kernel security update

Wed Jul 30 11:04:38 UTC 2025

Oracle Linux Security Advisory ELSA-2025-11861

http://linux.oracle.com/errata/ELSA-2025-11861.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
kernel-abi-stablelists-5.14.0-570.30.1.0.1.el9_6.noarch.rpm
kernel-core-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
kernel-cross-headers-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
kernel-debug-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
kernel-debug-core-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
kernel-debug-devel-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
kernel-debug-devel-matched-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
kernel-debug-modules-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
kernel-debug-modules-core-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
kernel-debug-modules-extra-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
kernel-debug-uki-virt-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
kernel-devel-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
kernel-devel-matched-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
kernel-doc-5.14.0-570.30.1.0.1.el9_6.noarch.rpm
kernel-headers-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
kernel-modules-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
kernel-modules-core-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
kernel-modules-extra-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
kernel-tools-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
kernel-tools-libs-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
kernel-tools-libs-devel-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
kernel-uki-virt-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
kernel-uki-virt-addons-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
libperf-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
perf-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
python3-perf-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
rtla-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm
rv-5.14.0-570.30.1.0.1.el9_6.x86_64.rpm

aarch64:
kernel-cross-headers-5.14.0-570.30.1.0.1.el9_6.aarch64.rpm
kernel-headers-5.14.0-570.30.1.0.1.el9_6.aarch64.rpm
kernel-tools-5.14.0-570.30.1.0.1.el9_6.aarch64.rpm
kernel-tools-libs-5.14.0-570.30.1.0.1.el9_6.aarch64.rpm
kernel-tools-libs-devel-5.14.0-570.30.1.0.1.el9_6.aarch64.rpm
perf-5.14.0-570.30.1.0.1.el9_6.aarch64.rpm
python3-perf-5.14.0-570.30.1.0.1.el9_6.aarch64.rpm
rtla-5.14.0-570.30.1.0.1.el9_6.aarch64.rpm
rv-5.14.0-570.30.1.0.1.el9_6.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-570.30.1.0.1.el9_6.src.rpm

Related CVEs:

CVE-2024-57980
CVE-2025-21905
CVE-2025-22085
CVE-2025-22091
CVE-2025-22113
CVE-2025-22121
CVE-2025-37797
CVE-2025-37958
CVE-2025-38086
CVE-2025-38110

Description of changes:

[5.14.0-570.30.1.0.1.el9_6.OL9]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]

[5.14.0-570.30.1.el9_6]
- net_sched: hfsc: Fix a UAF vulnerability in class handling (Davide Caratti) [RHEL-95853] {CVE-2025-37797}

[5.14.0-570.29.1.el9_6]
- tcp: adjust rcvq_space after updating scaling ratio (Guillaume Nault) [RHEL-99145]
- ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (CKI Backport Bot) [RHEL-93555] {CVE-2025-22121}
- ext4: introduce ITAIL helper (CKI Backport Bot) [RHEL-93555] {CVE-2025-22121}
- ext4: avoid journaling sb update on error if journal is destroying (Brian Foster) [RHEL-93591] {CVE-2025-22113}
- ext4: define ext4_journal_destroy wrapper (Brian Foster) [RHEL-93591]
- net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (CKI Backport Bot) [RHEL-102093] {CVE-2025-38110}
- smb: client: fix regression with native SMB symlinks (Paulo Alcantara) [RHEL-101953]
- redhat/configs: remove automotive directory (Eric Chanudet) [RHEL-96365]
- r8169: enable RTL8168H/RTL8168EP/RTL8168FP ASPM support (CKI Backport Bot) [RHEL-96715]
- r8169: disable RTL8126 ZRX-DC timeout (CKI Backport Bot) [RHEL-96715]
- net: ch9200: fix uninitialised access during mii_nway_restart (CKI Backport Bot) [RHEL-101212] {CVE-2025-38086}
- media: uvcvideo: Fix double free in error path (CKI Backport Bot) [RHEL-98795] {CVE-2024-57980}
- RDMA/mlx5: Fix page_size variable overflow (CKI Backport Bot) [RHEL-99320] {CVE-2025-22091}
- wifi: iwlwifi: limit printed string from FW file (CKI Backport Bot) [RHEL-99384] {CVE-2025-21905}
- RDMA/core: Fix use-after-free when rename device name (CKI Backport Bot) [RHEL-99048] {CVE-2025-22085}
- octeon_ep: Fix host hang issue during device reboot (CKI Backport Bot) [RHEL-93251]
- mm/huge_memory: fix dereferencing invalid pmd migration entry (Rafael Aquini) [RHEL-96368] {CVE-2025-37958}
- octeon_ep_vf: Resolve netdevice usage count issue (CKI Backport Bot) [RHEL-93252]
- s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues (CKI Backport Bot) [RHEL-87555]