[El-errata] ELSA-2025-7423 Important: Oracle Linux 9 kernel security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue May 27 17:26:27 UTC 2025
Oracle Linux Security Advisory ELSA-2025-7423
http://linux.oracle.com/errata/ELSA-2025-7423.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
kernel-abi-stablelists-5.14.0-570.16.1.0.1.el9_6.noarch.rpm
kernel-core-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
kernel-debug-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
kernel-debug-core-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
kernel-debug-devel-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
kernel-debug-devel-matched-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
kernel-debug-modules-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
kernel-debug-modules-core-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
kernel-debug-modules-extra-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
kernel-debug-uki-virt-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
kernel-devel-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
kernel-devel-matched-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
kernel-doc-5.14.0-570.16.1.0.1.el9_6.noarch.rpm
kernel-headers-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
kernel-modules-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
kernel-modules-core-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
kernel-modules-extra-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
kernel-tools-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
kernel-tools-libs-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
kernel-uki-virt-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
kernel-uki-virt-addons-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
perf-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
python3-perf-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
rtla-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
rv-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
kernel-cross-headers-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
kernel-tools-libs-devel-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
libperf-5.14.0-570.16.1.0.1.el9_6.x86_64.rpm
aarch64:
kernel-headers-5.14.0-570.16.1.0.1.el9_6.aarch64.rpm
kernel-tools-5.14.0-570.16.1.0.1.el9_6.aarch64.rpm
kernel-tools-libs-5.14.0-570.16.1.0.1.el9_6.aarch64.rpm
perf-5.14.0-570.16.1.0.1.el9_6.aarch64.rpm
python3-perf-5.14.0-570.16.1.0.1.el9_6.aarch64.rpm
rtla-5.14.0-570.16.1.0.1.el9_6.aarch64.rpm
rv-5.14.0-570.16.1.0.1.el9_6.aarch64.rpm
kernel-cross-headers-5.14.0-570.16.1.0.1.el9_6.aarch64.rpm
kernel-tools-libs-devel-5.14.0-570.16.1.0.1.el9_6.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-5.14.0-570.16.1.0.1.el9_6.src.rpm
Related CVEs:
CVE-2024-58005
CVE-2024-58007
CVE-2024-58069
CVE-2025-21633
CVE-2025-21927
CVE-2025-21993
Description of changes:
[5.14.0-570.16.1.0.1.el9_6.OL9]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
[5.14.0-570.16.1.el9_6]
- soc: qcom: socinfo: Avoid out of bounds read of serial number (Jared Kangas) [RHEL-88252] {CVE-2024-58007}
- soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (Jared Kangas) [RHEL-88252]
- soc: qcom: Add check devm_kasprintf() returned value (Jared Kangas) [RHEL-88252]
[5.14.0-570.15.1.el9_6]
- ice: ensure periodic output start time is in the future (Petr Oros) [RHEL-86021]
- ice: fix PHY Clock Recovery availability check (Petr Oros) [RHEL-86021]
- ice: Drop auxbus use for PTP to finalize ice_adapter move (Petr Oros) [RHEL-86021]
- ice: Use ice_adapter for PTP shared data instead of auxdev (Petr Oros) [RHEL-86021]
- ice: Initial support for E825C hardware in ice_adapter (Petr Oros) [RHEL-86021]
- ice: Add ice_get_ctrl_ptp() wrapper to simplify the code (Petr Oros) [RHEL-86021]
- ice: Introduce ice_get_phy_model() wrapper (Petr Oros) [RHEL-86021]
- ice: Enable 1PPS out from CGU for E825C products (Petr Oros) [RHEL-86021]
- ice: Read SDP section from NVM for pin definitions (Petr Oros) [RHEL-86021]
- ice: Disable shared pin on E810 on setfunc (Petr Oros) [RHEL-86021]
- ice: Cache perout/extts requests and check flags (Petr Oros) [RHEL-86021]
- ice: Align E810T GPIO to other products (Petr Oros) [RHEL-86021]
- ice: Add SDPs support for E825C (Petr Oros) [RHEL-86021]
- ice: Implement ice_ptp_pin_desc (Petr Oros) [RHEL-86021]
[5.14.0-570.14.1.el9_6]
- smb: client: fix regression with guest option (Paulo Alcantara) [RHEL-83859]
- io_uring/sqpoll: zero sqd->thread on tctx errors (CKI Backport Bot) [RHEL-87264] {CVE-2025-21633}
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (Chris Leech) [RHEL-86915] {CVE-2025-21927}
- iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (CKI Backport Bot) [RHEL-86840] {CVE-2025-21993}
- certs: Add ECDSA signature verification self-test (Herbert Xu) [RHEL-82247]
- certs: Move RSA self-test data to separate file (Herbert Xu) [RHEL-82247]
- certs: Break circular dependency when selftest is modular (Herbert Xu) [RHEL-82247]
- KEYS: Include linux/errno.h in linux/verification.h (Herbert Xu) [RHEL-82247]
- crypto: certs: fix FIPS selftest dependency (Herbert Xu) [RHEL-82247]
- New configs in certs/Kconfig (Fedora Kernel Team) [RHEL-82247]
- certs: Add support for using elliptic curve keys for signing modules (Herbert Xu) [RHEL-82247]
- certs: Trigger creation of RSA module signing key if it's not an RSA key (Herbert Xu) [RHEL-82247]
- tpm: Change to kvalloc() in eventlog/acpi.c (Štěpán Horáček) [RHEL-82147] {CVE-2024-58005}
[5.14.0-570.13.1.el9_6]
- scsi: storvsc: Set correct data length for sending SCSI command without payload (Cathy Avery) [RHEL-83049]
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (Maxim Levitsky) [RHEL-85942]
- net: netvsc: Update default VMBus channels (Maxim Levitsky) [RHEL-85942]
- net: mana: cleanup mana struct after debugfs_remove() (Maxim Levitsky) [RHEL-85942]
- net: mana: Cleanup "mana" debugfs dir after cleanup of all children (Maxim Levitsky) [RHEL-85942]
- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs (Maxim Levitsky) [RHEL-85942]
- net: mana: Fix memory leak in mana_gd_setup_irqs (Maxim Levitsky) [RHEL-85942]
- net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (Maxim Levitsky) [RHEL-85942]
- net: mana: use ethtool string helpers (Maxim Levitsky) [RHEL-85942]
- net: mana: Enable debugfs files for MANA device (Maxim Levitsky) [RHEL-85942]
- net: mana: Add get_link and get_link_ksettings in ethtool (Maxim Levitsky) [RHEL-85942]
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (Maxim Levitsky) [RHEL-85942]
- net: mana: Improve mana_set_channels() in low mem conditions (Maxim Levitsky) [RHEL-85942]
- net: mana: Implement get_ringparam/set_ringparam for mana (Maxim Levitsky) [RHEL-85942]
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (Maxim Levitsky) [RHEL-85942]
- ice: Fix signedness bug in ice_init_interrupt_scheme() (Petr Oros) [RHEL-80557]
- ice: init flow director before RDMA (Petr Oros) [RHEL-80557]
- ice: simplify VF MSI-X managing (Petr Oros) [RHEL-80557]
- ice: enable_rdma devlink param (Petr Oros) [RHEL-80557]
- ice: treat dyn_allowed only as suggestion (Petr Oros) [RHEL-80557]
- ice, irdma: move interrupts code to irdma (Petr Oros) [RHEL-80557]
- ice: get rid of num_lan_msix field (Petr Oros) [RHEL-80557]
- ice: remove splitting MSI-X between features (Petr Oros) [RHEL-80557]
- ice: devlink PF MSI-X max and min parameter (Petr Oros) [RHEL-80557]
- ice: ice_probe: init ice_adapter after HW init (Petr Oros) [RHEL-80557]
- ice: minor: rename goto labels from err to unroll (Petr Oros) [RHEL-80557]
- ice: split ice_init_hw() out from ice_init_dev() (Petr Oros) [RHEL-80557]
- ice: c827: move wait for FW to ice_init_hw() (Petr Oros) [RHEL-80557]
- smb: client: don't retry IO on failed negprotos with soft mounts (Jay Shin) [RHEL-85524]
- cgroup: Remove steal time from usage_usec (Waiman Long) [RHEL-85398]
- rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (CKI Backport Bot) [RHEL-85395] {CVE-2024-58069}
More information about the El-errata
mailing list