[El-errata] ELBA-2025-2263 Oracle Linux 9 kernel bug fix and enhancement update

Fri Mar 7 12:56:54 UTC 2025

Oracle Linux Bug Fix Advisory ELBA-2025-2263

http://linux.oracle.com/errata/ELBA-2025-2263.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-7.4.0-503.29.1.el9_5.x86_64.rpm
kernel-5.14.0-503.29.1.el9_5.x86_64.rpm
kernel-abi-stablelists-5.14.0-503.29.1.el9_5.noarch.rpm
kernel-core-5.14.0-503.29.1.el9_5.x86_64.rpm
kernel-debug-5.14.0-503.29.1.el9_5.x86_64.rpm
kernel-debug-core-5.14.0-503.29.1.el9_5.x86_64.rpm
kernel-debug-devel-5.14.0-503.29.1.el9_5.x86_64.rpm
kernel-debug-devel-matched-5.14.0-503.29.1.el9_5.x86_64.rpm
kernel-debug-modules-5.14.0-503.29.1.el9_5.x86_64.rpm
kernel-debug-modules-core-5.14.0-503.29.1.el9_5.x86_64.rpm
kernel-debug-modules-extra-5.14.0-503.29.1.el9_5.x86_64.rpm
kernel-debug-uki-virt-5.14.0-503.29.1.el9_5.x86_64.rpm
kernel-devel-5.14.0-503.29.1.el9_5.x86_64.rpm
kernel-devel-matched-5.14.0-503.29.1.el9_5.x86_64.rpm
kernel-doc-5.14.0-503.29.1.el9_5.noarch.rpm
kernel-headers-5.14.0-503.29.1.el9_5.x86_64.rpm
kernel-modules-5.14.0-503.29.1.el9_5.x86_64.rpm
kernel-modules-core-5.14.0-503.29.1.el9_5.x86_64.rpm
kernel-modules-extra-5.14.0-503.29.1.el9_5.x86_64.rpm
kernel-tools-5.14.0-503.29.1.el9_5.x86_64.rpm
kernel-tools-libs-5.14.0-503.29.1.el9_5.x86_64.rpm
kernel-uki-virt-5.14.0-503.29.1.el9_5.x86_64.rpm
kernel-uki-virt-addons-5.14.0-503.29.1.el9_5.x86_64.rpm
perf-5.14.0-503.29.1.el9_5.x86_64.rpm
python3-perf-5.14.0-503.29.1.el9_5.x86_64.rpm
rtla-5.14.0-503.29.1.el9_5.x86_64.rpm
rv-5.14.0-503.29.1.el9_5.x86_64.rpm
kernel-cross-headers-5.14.0-503.29.1.el9_5.x86_64.rpm
kernel-tools-libs-devel-5.14.0-503.29.1.el9_5.x86_64.rpm
libperf-5.14.0-503.29.1.el9_5.x86_64.rpm

aarch64:
bpftool-7.4.0-503.29.1.el9_5.aarch64.rpm
kernel-tools-5.14.0-503.29.1.el9_5.aarch64.rpm
kernel-tools-libs-5.14.0-503.29.1.el9_5.aarch64.rpm
perf-5.14.0-503.29.1.el9_5.aarch64.rpm
python3-perf-5.14.0-503.29.1.el9_5.aarch64.rpm
rtla-5.14.0-503.29.1.el9_5.aarch64.rpm
rv-5.14.0-503.29.1.el9_5.aarch64.rpm
kernel-cross-headers-5.14.0-503.29.1.el9_5.aarch64.rpm
kernel-tools-libs-devel-5.14.0-503.29.1.el9_5.aarch64.rpm
kernel-headers-5.14.0-503.29.1.el9_5.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-5.14.0-503.29.1.el9_5.src.rpm

Description of changes:

- [5.14.0-503.29.1.el9_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-503.29.1.el9_5]
- rhel-9.5: gate on kernel-qe tests results not cki ones (Bruno Goncalves)
- ice: implement low latency PHY timer updates (Petr Oros) [RHEL-75466]
- ice: check low latency PHY timer update firmware capability (Petr Oros) [RHEL-75466]
- ice: add lock to protect low latency interface (Petr Oros) [RHEL-75466]
- ice: rename TS_LL_READ* macros to REG_LL_PROXY_H_* (Petr Oros) [RHEL-75466]
- ice: use read_poll_timeout_atomic in ice_read_phy_tstamp_ll_e810 (Petr Oros) [RHEL-75466]
- smb: client: get rid of kstrdup() in get_ses_refpath() (Paulo Alcantara) [RHEL-72875]
- smb: client: fix noisy when tree connecting to DFS interlink targets (Paulo Alcantara) [RHEL-72875]
- smb: client: don't trust DFSREF_STORAGE_SERVER bit (Paulo Alcantara) [RHEL-72875]
- smb: client: don't check for @leaf_fullpath in match_server() (Paulo Alcantara) [RHEL-72875]
- smb: client: get rid of TCP_Server_Info::refpath_lock (Paulo Alcantara) [RHEL-72875]
- smb: client: don't retry DFS targets on server shutdown (Paulo Alcantara) [RHEL-72875]
- smb: client: fix return value of parse_dfs_referrals() (Paulo Alcantara) [RHEL-72875]
- smb: client: optimize referral walk on failed link targets (Paulo Alcantara) [RHEL-72875]
- smb: client: provide dns_resolve_{unc,name} helpers (Paulo Alcantara) [RHEL-72875]
- smb: client: parse DNS domain name from domain= option (Paulo Alcantara) [RHEL-72875]
- smb: client: fix DFS mount against old servers with NTLMSSP (Paulo Alcantara) [RHEL-72875]
- smb: client: parse av pair type 4 in CHALLENGE_MESSAGE (Paulo Alcantara) [RHEL-72875]
- smb: client: introduce av_for_each_entry() helper (Paulo Alcantara) [RHEL-72875]
- smb: client: fix double free of TCP_Server_Info::hostname (Paulo Alcantara) [RHEL-72875]
- cifs: support mounting with alternate password to allow password rotation (Paulo Alcantara) [RHEL-72875]
- cifs: support reconnect with alternate password for SMB1 (Paulo Alcantara) [RHEL-72875]
- smb: client: sync the root session and superblock context passwords before automounting (Paulo Alcantara) [RHEL-72875]
- cifs: unlock on error in smb3_reconfigure() (Paulo Alcantara) [RHEL-72875]
- cifs: during remount, make sure passwords are in sync (Paulo Alcantara) [RHEL-72875]
- smb: client: Handle kstrdup failures for passwords (Paulo Alcantara) [RHEL-72875] {CVE-2024-50120}
- smb: client: fix TCP timers deadlock after rmmod (Paulo Alcantara) [RHEL-72875] {CVE-2024-54680}
- smb: client: Fix use-after-free of network namespace. (Paulo Alcantara) [RHEL-72875] {CVE-2024-53095}
- Fix spelling errors in Server Message Block (Paulo Alcantara) [RHEL-72875]
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (CKI Backport Bot) [RHEL-78423]

[5.14.0-503.28.1.el9_5]
- bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (CKI Backport Bot) [RHEL-73726]
- intel_idle: Disable promotion to C1E on Jasper Lake and Elkhart Lake (David Arcari) [RHEL-62985]
- intel_idle: add Granite Rapids Xeon support (David Arcari) [RHEL-62985]
- intel_idle: Switch to new Intel CPU model defines (David Arcari) [RHEL-62985]
- x86/resctrl: Remove redundant variable in mbm_config_write_domain() (David Arcari) [RHEL-59001]
- x86/resctrl: Read supported bandwidth sources from CPUID (David Arcari) [RHEL-59001]
- x86/resctrl: Remove hard-coded memory bandwidth limit (David Arcari) [RHEL-59001]
- mei: me: disable RPL-S on SPS and IGN firmwares (CKI Backport Bot) [RHEL-60895]
- smb: client: change return value in open_cached_dir_by_dentry() if !cfids (Jay Shin) [RHEL-75935]
- smb: client: disable directory caching when dir_cache_timeout is zero (Jay Shin) [RHEL-75935]
- smb: client: remove unnecessary checks in open_cached_dir() (Jay Shin) [RHEL-75935]
- smb: prevent use-after-free due to open_cached_dir error paths (Jay Shin) [RHEL-75935] {CVE-2024-53177}
- smb: Don't leak cfid when reconnect races with open_cached_dir (Jay Shin) [RHEL-75935] {CVE-2024-53178}
- smb3: request handle caching when caching directories (Jay Shin) [RHEL-75935]
- bnxt_en: Unregister PTP during PCI shutdown and suspend (Michal Schmidt) [RHEL-69514]
- bnxt_en: Refactor bnxt_ptp_init() (Michal Schmidt) [RHEL-69514]
- smb: client: ignore unhandled reparse tags (Jay Shin) [RHEL-77743]
- smb: client: fix oops due to unset link speed (Jay Shin) [RHEL-77359]

[5.14.0-503.27.1.el9_5]
- NFS: enable nconnect for RDMA (Benjamin Coddington) [RHEL-77179]
- Revert "scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo" (Dick Kennedy) [RHEL-70933]
- idpf: fix idpf_vc_core_init error path (CKI Backport Bot) [RHEL-70191]
- idpf: avoid vport access in idpf_get_link_ksettings (CKI Backport Bot) [RHEL-70191]
- ip6mr: fix tables suspicious RCU usage (Andrea Claudi) [RHEL-71730]
- ipmr: tune the ipmr_can_free_table() checks. (Andrea Claudi) [RHEL-71730]
- ipmr: add debug check for mr table cleanup (Andrea Claudi) [RHEL-71730]
- net: ip6mr: add RTM_GETROUTE netlink op (Andrea Claudi) [RHEL-71730]
- i40e: add ability to reset VF for Tx and Rx MDD events (Michal Schmidt) [RHEL-75972]
- tcp: fix mptcp DSS corruption due to large pmtu xmit (Paolo Abeni) [RHEL-62215]
- mptcp: handle consistently DSS corruption (Paolo Abeni) [RHEL-62215]