[El-errata] ELSA-2025-20318 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed May 14 00:00:24 UTC 2025 

Oracle Linux Security Advisory ELSA-2025-20318

http://linux.oracle.com/errata/ELSA-2025-20318.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-6.12.0-1.23.3.1.el9uek.x86_64.rpm
kernel-uek-core-6.12.0-1.23.3.1.el9uek.x86_64.rpm
kernel-uek-debug-6.12.0-1.23.3.1.el9uek.x86_64.rpm
kernel-uek-debug-core-6.12.0-1.23.3.1.el9uek.x86_64.rpm
kernel-uek-debug-devel-6.12.0-1.23.3.1.el9uek.x86_64.rpm
kernel-uek-debug-modules-6.12.0-1.23.3.1.el9uek.x86_64.rpm
kernel-uek-debug-modules-core-6.12.0-1.23.3.1.el9uek.x86_64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-1.23.3.1.el9uek.x86_64.rpm
kernel-uek-debug-modules-desktop-6.12.0-1.23.3.1.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-6.12.0-1.23.3.1.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-1.23.3.1.el9uek.x86_64.rpm
kernel-uek-debug-modules-usb-6.12.0-1.23.3.1.el9uek.x86_64.rpm
kernel-uek-debug-modules-wireless-6.12.0-1.23.3.1.el9uek.x86_64.rpm
kernel-uek-devel-6.12.0-1.23.3.1.el9uek.x86_64.rpm
kernel-uek-doc-6.12.0-1.23.3.1.el9uek.noarch.rpm
kernel-uek-modules-6.12.0-1.23.3.1.el9uek.x86_64.rpm
kernel-uek-modules-core-6.12.0-1.23.3.1.el9uek.x86_64.rpm
kernel-uek-modules-deprecated-6.12.0-1.23.3.1.el9uek.x86_64.rpm
kernel-uek-modules-desktop-6.12.0-1.23.3.1.el9uek.x86_64.rpm
kernel-uek-modules-extra-6.12.0-1.23.3.1.el9uek.x86_64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-1.23.3.1.el9uek.x86_64.rpm
kernel-uek-modules-usb-6.12.0-1.23.3.1.el9uek.x86_64.rpm
kernel-uek-modules-wireless-6.12.0-1.23.3.1.el9uek.x86_64.rpm

aarch64:
kernel-uek-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek-core-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek-debug-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek-debug-core-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek-debug-devel-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek-debug-modules-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek-debug-modules-core-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek-debug-modules-desktop-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek-debug-modules-usb-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek-debug-modules-wireless-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek-devel-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek-modules-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek-modules-extra-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek-modules-core-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek-modules-deprecated-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek-modules-desktop-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek-modules-usb-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek-modules-wireless-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek64k-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek64k-core-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek64k-modules-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek64k-modules-core-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek64k-modules-deprecated-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek64k-modules-desktop-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-netfilter-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek64k-modules-usb-6.12.0-1.23.3.1.el9uek.aarch64.rpm
kernel-uek64k-modules-wireless-6.12.0-1.23.3.1.el9uek.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-6.12.0-1.23.3.1.el9uek.src.rpm

Related CVEs:

CVE-2024-28956




Description of changes:

[6.12.0-1.23.3.1]
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (Pawan Gupta)  [Orabug: 37920680]
- x86/bpf: Add IBHF call at end of classic BPF (Daniel Sneddon)  [Orabug: 37920680]
- x86/bpf: Call branch history clearing sequence on exit (Daniel Sneddon)  [Orabug: 37920680]
- selftest/x86/bugs: Add selftests for ITS (Pawan Gupta)  [Orabug: 37863725]  {CVE-2024-28956}
- x86/its: Align RETs in BHB clear sequence to avoid thunking (Pawan Gupta)  [Orabug: 37863725]  {CVE-2024-28956}
- x86/its: Add support for RSB stuffing mitigation (Pawan Gupta)  [Orabug: 37863725]  {CVE-2024-28956}
- x86/its: Add "vmexit" option to skip mitigation on some CPUs (Pawan Gupta)  [Orabug: 37863725]  {CVE-2024-28956}
- x86/its: Enable Indirect Target Selection mitigation (Pawan Gupta)  [Orabug: 37863725]  {CVE-2024-28956}
- x86/its: Add support for ITS-safe return thunk (Pawan Gupta)  [Orabug: 37863725]  {CVE-2024-28956}
- x86/its: Add support for ITS-safe indirect thunk (Pawan Gupta)  [Orabug: 37863725]  {CVE-2024-28956}
- x86/its: Enumerate Indirect Target Selection (ITS) bug (Pawan Gupta)  [Orabug: 37863725]  {CVE-2024-28956}
- Documentation: x86/bugs/its: Add ITS documentation (Pawan Gupta)  [Orabug: 37863725]  {CVE-2024-28956}

More information about the El-errata mailing list