[El-errata] ELSA-2025-2627 Important: Oracle Linux 9 kernel security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Fri Mar 14 00:05:45 UTC 2025
Oracle Linux Security Advisory ELSA-2025-2627
http://linux.oracle.com/errata/ELSA-2025-2627.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
bpftool-7.4.0-503.31.1.el9_5.x86_64.rpm
kernel-5.14.0-503.31.1.el9_5.x86_64.rpm
kernel-abi-stablelists-5.14.0-503.31.1.el9_5.noarch.rpm
kernel-core-5.14.0-503.31.1.el9_5.x86_64.rpm
kernel-debug-5.14.0-503.31.1.el9_5.x86_64.rpm
kernel-debug-core-5.14.0-503.31.1.el9_5.x86_64.rpm
kernel-debug-devel-5.14.0-503.31.1.el9_5.x86_64.rpm
kernel-debug-devel-matched-5.14.0-503.31.1.el9_5.x86_64.rpm
kernel-debug-modules-5.14.0-503.31.1.el9_5.x86_64.rpm
kernel-debug-modules-core-5.14.0-503.31.1.el9_5.x86_64.rpm
kernel-debug-modules-extra-5.14.0-503.31.1.el9_5.x86_64.rpm
kernel-debug-uki-virt-5.14.0-503.31.1.el9_5.x86_64.rpm
kernel-devel-5.14.0-503.31.1.el9_5.x86_64.rpm
kernel-devel-matched-5.14.0-503.31.1.el9_5.x86_64.rpm
kernel-doc-5.14.0-503.31.1.el9_5.noarch.rpm
kernel-headers-5.14.0-503.31.1.el9_5.x86_64.rpm
kernel-modules-5.14.0-503.31.1.el9_5.x86_64.rpm
kernel-modules-core-5.14.0-503.31.1.el9_5.x86_64.rpm
kernel-modules-extra-5.14.0-503.31.1.el9_5.x86_64.rpm
kernel-tools-5.14.0-503.31.1.el9_5.x86_64.rpm
kernel-tools-libs-5.14.0-503.31.1.el9_5.x86_64.rpm
kernel-uki-virt-5.14.0-503.31.1.el9_5.x86_64.rpm
kernel-uki-virt-addons-5.14.0-503.31.1.el9_5.x86_64.rpm
perf-5.14.0-503.31.1.el9_5.x86_64.rpm
python3-perf-5.14.0-503.31.1.el9_5.x86_64.rpm
rtla-5.14.0-503.31.1.el9_5.x86_64.rpm
rv-5.14.0-503.31.1.el9_5.x86_64.rpm
kernel-cross-headers-5.14.0-503.31.1.el9_5.x86_64.rpm
kernel-tools-libs-devel-5.14.0-503.31.1.el9_5.x86_64.rpm
libperf-5.14.0-503.31.1.el9_5.x86_64.rpm
aarch64:
bpftool-7.4.0-503.31.1.el9_5.aarch64.rpm
kernel-headers-5.14.0-503.31.1.el9_5.aarch64.rpm
kernel-tools-5.14.0-503.31.1.el9_5.aarch64.rpm
kernel-tools-libs-5.14.0-503.31.1.el9_5.aarch64.rpm
perf-5.14.0-503.31.1.el9_5.aarch64.rpm
python3-perf-5.14.0-503.31.1.el9_5.aarch64.rpm
rtla-5.14.0-503.31.1.el9_5.aarch64.rpm
rv-5.14.0-503.31.1.el9_5.aarch64.rpm
kernel-cross-headers-5.14.0-503.31.1.el9_5.aarch64.rpm
kernel-tools-libs-devel-5.14.0-503.31.1.el9_5.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-5.14.0-503.31.1.el9_5.src.rpm
Related CVEs:
CVE-2023-52605
CVE-2023-52922
CVE-2024-50264
CVE-2024-50302
CVE-2024-53113
CVE-2024-53197
Description of changes:
[5.14.0-503.31.1.el9_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
[5.14.0-503.31.1.el9_5]
- HID: core: zero-initialize the report buffer (Benjamin Tissoires) [RHEL-81838] {CVE-2024-50302}
- x86/kaslr: Expose and use the end of the physical memory address space (Waiman Long) [RHEL-70002]
- ALSA: usb-audio: Fix a DMA to stack memory bug (Jaroslav Kysela) [RHEL-81799]
- ALSA: usb-audio: Fix for sampling rates support for Mbox3 (Jaroslav Kysela) [RHEL-81799]
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (Jaroslav Kysela) [RHEL-81799] {CVE-2024-53197}
- ALSA: usb-audio: Add sampling rates support for Mbox3 (Jaroslav Kysela) [RHEL-81799]
- x86/kexec: Add EFI config table identity mapping for kexec kernel (Jay Shin) [RHEL-74170]
- mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (Jay Shin) [RHEL-73210] {CVE-2024-53113}
- can: bcm: Fix UAF in bcm_proc_show() (CKI KWF BOT) [RHEL-80746] {CVE-2023-52922}
- smb: client: fix chmod(2) regression with ATTR_READONLY (Jay Shin) [RHEL-80526]
- hugetlb: prioritize surplus allocation from current node (Aristeu Rozanski) [RHEL-77488]
- dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name(). (Antoine Tenart) [RHEL-77338]
- net: add softirq safety to netdev_rename_lock (Antoine Tenart) [RHEL-77343]
- arp: Convert ioctl(SIOCGARP) to RCU. (Antoine Tenart) [RHEL-77343]
- net: Protect dev->name by seqlock. (Antoine Tenart) [RHEL-77343]
- net: Remove unused declaration dev_restart() (Antoine Tenart) [RHEL-77343]
- arp: Get dev after calling arp_req_(delete|set|get)(). (Antoine Tenart) [RHEL-77343]
- arp: Remove a nest in arp_req_get(). (Antoine Tenart) [RHEL-77343]
- arp: Factorise ip_route_output() call in arp_req_set() and arp_req_delete(). (Antoine Tenart) [RHEL-77343]
- arp: Validate netmask earlier for SIOCDARP and SIOCSARP in arp_ioctl(). (Antoine Tenart) [RHEL-77343]
- arp: Move ATF_COM setting in arp_req_set(). (Antoine Tenart) [RHEL-77343]
- ACPI: extlog: fix NULL pointer dereference check (Mark Langsdorf) [RHEL-75250] {CVE-2023-52605}
- vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Jon Maloy) [RHEL-75461] {CVE-2024-50264}
- x86/pci: Skip early E820 check for ECAM region (CKI Backport Bot) [RHEL-67065]
- cpufreq: intel_pstate: Update Balance performance EPP for Emerald Rapids (Steve Best) [RHEL-64291]
[5.14.0-503.30.1.el9_5]
- can: bcm: Fix UAF in bcm_proc_show() (CKI KWF BOT) [RHEL-80746] {CVE-2023-52922}
- smb: client: fix chmod(2) regression with ATTR_READONLY (Jay Shin) [RHEL-80526]
- hugetlb: prioritize surplus allocation from current node (Aristeu Rozanski) [RHEL-77488]
- dev: Acquire netdev_rename_lock before restoring dev->name in dev_change_name(). (Antoine Tenart) [RHEL-77338]
- net: add softirq safety to netdev_rename_lock (Antoine Tenart) [RHEL-77343]
- arp: Convert ioctl(SIOCGARP) to RCU. (Antoine Tenart) [RHEL-77343]
- net: Protect dev->name by seqlock. (Antoine Tenart) [RHEL-77343]
- net: Remove unused declaration dev_restart() (Antoine Tenart) [RHEL-77343]
- arp: Get dev after calling arp_req_(delete|set|get)(). (Antoine Tenart) [RHEL-77343]
- arp: Remove a nest in arp_req_get(). (Antoine Tenart) [RHEL-77343]
- arp: Factorise ip_route_output() call in arp_req_set() and arp_req_delete(). (Antoine Tenart) [RHEL-77343]
- arp: Validate netmask earlier for SIOCDARP and SIOCSARP in arp_ioctl(). (Antoine Tenart) [RHEL-77343]
- arp: Move ATF_COM setting in arp_req_set(). (Antoine Tenart) [RHEL-77343]
- ACPI: extlog: fix NULL pointer dereference check (Mark Langsdorf) [RHEL-75250] {CVE-2023-52605}
- vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Jon Maloy) [RHEL-75461] {CVE-2024-50264}
- x86/pci: Skip early E820 check for ECAM region (CKI Backport Bot) [RHEL-67065]
- cpufreq: intel_pstate: Update Balance performance EPP for Emerald Rapids (Steve Best) [RHEL-64291]
More information about the El-errata
mailing list