[El-errata] ELSA-2025-20153 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Mar 11 19:52:56 UTC 2025
Oracle Linux Security Advisory ELSA-2025-20153
http://linux.oracle.com/errata/ELSA-2025-20153.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-uek-5.4.17-2136.341.3.1.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.341.3.1.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.341.3.1.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.341.3.1.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.341.3.1.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.341.3.1.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.341.3.1.el8uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.341.3.1.el8uek.src.rpm
Related CVEs:
CVE-2024-44986
CVE-2024-53164
CVE-2024-56767
CVE-2024-56769
Description of changes:
[5.4.17-2136.341.3.1.el8uek]
- Revert "NFSD: Limit the number of concurrent async COPY operations" (Sherry Yang) [Orabug: 37667080]
[5.4.17-2136.341.3.el8uek]
- io_uring: fix possible deadlock in io_register_iowq_max_workers() (Hagar Hemdan) [Orabug: 37565787]
- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (Jens Axboe) [Orabug: 37565787]
- io_uring: use kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787]
- fs: create kiocb_{start,end}_write() helpers (Amir Goldstein) [Orabug: 37565787]
- io_uring: rename kiocb_end_write() local helper (Amir Goldstein) [Orabug: 37565787]
- io_uring/sqpoll: close race on waiting for sqring entries (Jens Axboe) [Orabug: 37565787]
- io_uring/sqpoll: do not put cpumask on stack (Felix Moessbauer) [Orabug: 37565787]
- io_uring/sqpoll: retain test for whether the CPU is valid (Jens Axboe) [Orabug: 37565787]
- io_uring/sqpoll: do not allow pinning outside of cpuset (Felix Moessbauer) [Orabug: 37565787]
- io_uring/io-wq: limit retrying worker initialisation (Pavel Begunkov) [Orabug: 37565787]
- vfs: check dentry is still valid in get_link() (Ian Kent) [Orabug: 37536393]
- RDS: avoid queueing delayed work on an offlined cpu (Praveen Kumar Kannoju) [Orabug: 37260584]
- NFSD: Limit the number of concurrent async COPY operations (Chuck Lever) [Orabug: 37206187]
[5.4.17-2136.341.2.el8uek]
- LTS tag: v5.4.289 (Sherry Yang)
- mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (Seiji Nishikawa)
- drm: adv7511: Drop dsi single lane support (Biju Das)
- net/sctp: Prevent autoclose integer overflow in sctp_association_init() (Nikolay Kuratov)
- sky2: Add device ID 11ab:4373 for Marvell 88E8075 (Pascal Hambourg)
- pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (Evgenii Shatokhin)
- RDMA/uverbs: Prevent integer overflow issue (Dan Carpenter)
- modpost: fix the missed iteration for the max bit in do_input() (Masahiro Yamada)
- modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (Masahiro Yamada)
- ARC: build: Try to guess GCC variant of cross compiler (Leon Romanovsky)
- irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base (Uros Bizjak)
- net: usb: qmi_wwan: add Telit FE910C04 compositions (Daniele Palmas)
- bpf: fix potential error return (Anton Protopopov)
- sound: usb: format: don't warn that raw DSD is unsupported (Adrian Ratiu)
- wifi: mac80211: wake the queues in case of failure in resume (Emmanuel Grumbach)
- ila: serialize calls to nf_register_net_hooks() (Eric Dumazet)
- ALSA: usb-audio: US16x08: Initialize array before use (Tanya Agarwal)
- net: llc: reset skb->transport_header (Antonio Pastor)
- netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (Pablo Neira Ayuso)
- netfilter: Replace zero-length array with flexible-array member (Gustavo A. R. Silva)
- netrom: check buffer length before accessing it (Ilya Shchipletsov)
- drm/bridge: adv7511_audio: Update Audio InfoFrame properly (Stefan Ekenberg)
- drm: bridge: adv7511: Enable SPDIF DAI (Bogdan Togorean)
- RDMA/bnxt_re: Fix max_qp_wrs reported (Selvin Xavier)
- RDMA/bnxt_re: Fix reporting hw_ver in query_device (Kalesh AP)
- RDMA/bnxt_re: Add check for path mtu in modify_qp (Saravanan Vajravel)
- RDMA/mlx5: Enforce same type port association for multiport RoCE (Patrisious Haddad)
- net/mlx5: Make API mlx5_core_is_ecpf accept const pointer (Parav Pandit)
- IB/mlx5: Introduce and use mlx5_core_is_vf() (Parav Pandit)
- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (Michael Kelley)
- selinux: ignore unknown extended permissions (Thiébaud Weksteen)
- ipv6: prevent possible UAF in ip6_xmit() (Eric Dumazet)
- skb_expand_head() adjust skb->truesize incorrectly (Vasily Averin)
- btrfs: avoid monopolizing a core when activating a swap file (Filipe Manana)
- tracing: Constify string literal data member in struct trace_event_call (Christian Göttsche)
- bpf: fix recursive lock when verdict program return SK_PASS (Jiayuan Chen)
- ipv6: fix possible UAF in ip6_finish_output2() (Eric Dumazet) [Orabug: 37029070] {CVE-2024-44986}
- ipv6: use skb_expand_head in ip6_xmit (Vasily Averin)
- ipv6: use skb_expand_head in ip6_finish_output2 (Vasily Averin)
- skbuff: introduce skb_expand_head() (Vasily Averin)
- MIPS: Probe toolchain support of -msym32 (Jiaxun Yang)
- epoll: Add synchronous wakeup support for ep_poll_callback (Xuewen Yan)
- virtio-blk: don't keep queue frozen during system suspend (Ming Lei)
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time (Ranjan Kumar)
- platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (Armin Wolf)
- regmap: Use correct format specifier for logging range errors (Mark Brown)
- scsi: megaraid_sas: Fix for a potential deadlock (Tomas Henzl)
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040 (Magnus Lindholm)
- tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (Masami Hiramatsu (Google))
- dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (Chen Ridong) [Orabug: 37452681] {CVE-2024-56767}
- dmaengine: mv_xor: fix child node refcount handling in early exit (Javier Carrasco)
- phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (Zijun Hu)
- phy: core: Fix that API devm_phy_put() fails to release the phy (Zijun Hu)
- phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (Zijun Hu)
- phy: core: Fix an OF node refcount leakage in _of_phy_get() (Zijun Hu)
- mtd: diskonchip: Cast an operand to prevent potential overflow (Zichen Xie)
- bpf: Check negative offsets in __bpf_skb_min_len() (Cong Wang)
- media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (Nikita Zhandarovich) [Orabug: 37452687] {CVE-2024-56769}
- of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (Zijun Hu)
- of: Fix error path in of_parse_phandle_with_args_map() (Herve Codina)
- udmabuf: also check for F_SEAL_FUTURE_WRITE (Jann Horn)
- nilfs2: prevent use of deleted inode (Edward Adam Davis)
- NFS/pnfs: Fix a live lock between recalled layouts and layoutget (Trond Myklebust)
- btrfs: tree-checker: reject inline extent items with 0 ref count (Qu Wenruo)
- zram: refuse to use zero sized block device as backing device (Kairui Song)
- sh: clk: Fix clk_enable() to return 0 on NULL clk (Geert Uytterhoeven)
- USB: serial: option: add Telit FE910C04 rmnet compositions (Daniele Palmas)
- USB: serial: option: add MediaTek T7XX compositions (Jack Wu)
- USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (Mank Wang)
- USB: serial: option: add MeiG Smart SLM770A (Michal Hrusecky)
- USB: serial: option: add TCL IK512 MBIM & ECM (Daniel Swanemar)
- efivarfs: Fix error on non-existent file (James Bottomley)
- i2c: riic: Always round-up when calculating bus period (Geert Uytterhoeven)
- chelsio/chtls: prevent potential integer overflow on 32bit (Dan Carpenter)
- mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (Prathamesh Shete)
- netfilter: ipset: Fix for recursive locking warning (Phil Sutter)
- net: ethernet: bgmac-platform: fix an OF node reference leak (Joe Hattori)
- net: hinic: Fix cleanup in create_rxqs/txqs() (Dan Carpenter)
- ionic: use ee->offset when returning sprom data (Shannon Nelson)
- net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll (Guangguan Wang)
- erofs: fix incorrect symlink detection in fast symlink (Gao Xiang)
- erofs: fix order >= MAX_ORDER warning due to crafted negative i_size (Gao Xiang)
- drm/i915: Fix memory leak by correcting cache object name in error handler (Jiasheng Jiang)
- PCI: Add ACS quirk for Broadcom BCM5760X NIC (Ajit Khaparde)
- ALSA: usb: Fix UBSAN warning in parse_audio_unit() (Takashi Iwai)
- PCI/AER: Disable AER service on suspend (Kai-Heng Feng)
- usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with iommu enabled (Peng Hongchi)
- net: sched: fix ordering of qlen adjustment (Lion Ackermann) [Orabug: 37433383] {CVE-2024-53164}
[5.4.17-2136.341.1.el8uek]
- kpcimgr: fix flush_icache_range arguments (Joe Dobosenski) [Orabug: 37525298]
- uek-rpm: Update network stress testing options for embedded2 (Joe Dobosenski) [Orabug: 37530220]
More information about the El-errata
mailing list