[El-errata] ELSA-2025-19931 Moderate: Oracle Linux 8 kernel security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Nov 12 16:41:53 UTC 2025
Oracle Linux Security Advisory ELSA-2025-19931
http://linux.oracle.com/errata/ELSA-2025-19931.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
bpftool-4.18.0-553.83.1.el8_10.x86_64.rpm
kernel-4.18.0-553.83.1.el8_10.x86_64.rpm
kernel-abi-stablelists-4.18.0-553.83.1.el8_10.noarch.rpm
kernel-core-4.18.0-553.83.1.el8_10.x86_64.rpm
kernel-cross-headers-4.18.0-553.83.1.el8_10.x86_64.rpm
kernel-debug-4.18.0-553.83.1.el8_10.x86_64.rpm
kernel-debug-core-4.18.0-553.83.1.el8_10.x86_64.rpm
kernel-debug-devel-4.18.0-553.83.1.el8_10.x86_64.rpm
kernel-debug-modules-4.18.0-553.83.1.el8_10.x86_64.rpm
kernel-debug-modules-extra-4.18.0-553.83.1.el8_10.x86_64.rpm
kernel-devel-4.18.0-553.83.1.el8_10.x86_64.rpm
kernel-doc-4.18.0-553.83.1.el8_10.noarch.rpm
kernel-headers-4.18.0-553.83.1.el8_10.x86_64.rpm
kernel-modules-4.18.0-553.83.1.el8_10.x86_64.rpm
kernel-modules-extra-4.18.0-553.83.1.el8_10.x86_64.rpm
kernel-tools-4.18.0-553.83.1.el8_10.x86_64.rpm
kernel-tools-libs-4.18.0-553.83.1.el8_10.x86_64.rpm
kernel-tools-libs-devel-4.18.0-553.83.1.el8_10.x86_64.rpm
perf-4.18.0-553.83.1.el8_10.x86_64.rpm
python3-perf-4.18.0-553.83.1.el8_10.x86_64.rpm
aarch64:
bpftool-4.18.0-553.83.1.el8_10.aarch64.rpm
kernel-cross-headers-4.18.0-553.83.1.el8_10.aarch64.rpm
kernel-headers-4.18.0-553.83.1.el8_10.aarch64.rpm
kernel-tools-4.18.0-553.83.1.el8_10.aarch64.rpm
kernel-tools-libs-4.18.0-553.83.1.el8_10.aarch64.rpm
kernel-tools-libs-devel-4.18.0-553.83.1.el8_10.aarch64.rpm
perf-4.18.0-553.83.1.el8_10.aarch64.rpm
python3-perf-4.18.0-553.83.1.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-553.83.1.el8_10.src.rpm
Related CVEs:
CVE-2022-50367
CVE-2023-53178
CVE-2025-40300
Description of changes:
[4.18.0-553.83.1]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]
[4.18.0-553.83.1]
- fs: fix UAF/GPF bug in nilfs_mdt_destroy (Abhi Das) [RHEL-116658] {CVE-2022-50367}
- redhat/configs: Enable CONFIG_MITIGATION_VMSCAPE for x86_64 (Waiman Long) [RHEL-114285]
- x86/vmscape: Add old Intel CPUs to affected list (Waiman Long) [RHEL-114285] {CVE-2025-40300}
- x86/vmscape: Warn when STIBP is disabled with SMT (Waiman Long) [RHEL-114285] {CVE-2025-40300}
- x86/bugs: Move cpu_bugs_smt_update() down (Waiman Long) [RHEL-114285] {CVE-2025-40300}
- x86/vmscape: Enable the mitigation (Waiman Long) [RHEL-114285] {CVE-2025-40300}
- x86/vmscape: Add conditional IBPB mitigation (Waiman Long) [RHEL-114285] {CVE-2025-40300}
- x86/vmscape: Enumerate VMSCAPE bug (Waiman Long) [RHEL-114285] {CVE-2025-40300}
- Documentation/hw-vuln: Add VMSCAPE documentation (Waiman Long) [RHEL-114285] {CVE-2025-40300}
- i40e: fix Jumbo Frame support after iPXE boot (Mohammad Heib) [RHEL-121781]
- i40e: Report MFS in decimal base instead of hex (Mohammad Heib) [RHEL-121781]
- i40e: Fix unexpected MFS warning message (Mohammad Heib) [RHEL-121781]
- bitfield: Add FIELD_MODIFY() helper (Mohammad Heib) [RHEL-121781]
- bitops: Add non-atomic bitops for pointers (Mohammad Heib) [RHEL-121781]
- qed/qede: Fix scheduling while atomic (CKI Backport Bot) [RHEL-9757]
- fanotify: add watchdog for permission events (Miklos Szeredi) [RHEL-123215]
- jiffies: Cast to unsigned long in secs_to_jiffies() conversion (Miklos Szeredi) [RHEL-123215]
- jiffies: Define secs_to_jiffies() (Miklos Szeredi) [RHEL-123215]
- s390/pci: Fix __pcilg_mio_inuser() inline assembly (Mete Durlu) [RHEL-105611]
- mm: zswap: fix missing folio cleanup in writeback race path (Aristeu Rozanski) [RHEL-116239] {CVE-2023-53178}
- mm: fix zswap writeback race condition (Aristeu Rozanski) [RHEL-116239] {CVE-2023-53178}
More information about the El-errata
mailing list