[El-errata] ELSA-2025-18281 Moderate: Oracle Linux 9 kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Oct 21 09:10:59 UTC 2025 

Oracle Linux Security Advisory ELSA-2025-18281

http://linux.oracle.com/errata/ELSA-2025-18281.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
kernel-abi-stablelists-5.14.0-570.55.1.0.1.el9_6.noarch.rpm
kernel-core-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
kernel-cross-headers-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
kernel-debug-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
kernel-debug-core-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
kernel-debug-devel-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
kernel-debug-devel-matched-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
kernel-debug-modules-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
kernel-debug-modules-core-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
kernel-debug-modules-extra-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
kernel-debug-uki-virt-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
kernel-devel-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
kernel-devel-matched-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
kernel-doc-5.14.0-570.55.1.0.1.el9_6.noarch.rpm
kernel-headers-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
kernel-modules-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
kernel-modules-core-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
kernel-modules-extra-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
kernel-tools-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
kernel-tools-libs-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
kernel-tools-libs-devel-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
kernel-uki-virt-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
kernel-uki-virt-addons-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
libperf-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
perf-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
python3-perf-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
rtla-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm
rv-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm

aarch64:
kernel-cross-headers-5.14.0-570.55.1.0.1.el9_6.aarch64.rpm
kernel-headers-5.14.0-570.55.1.0.1.el9_6.aarch64.rpm
kernel-tools-5.14.0-570.55.1.0.1.el9_6.aarch64.rpm
kernel-tools-libs-5.14.0-570.55.1.0.1.el9_6.aarch64.rpm
kernel-tools-libs-devel-5.14.0-570.55.1.0.1.el9_6.aarch64.rpm
perf-5.14.0-570.55.1.0.1.el9_6.aarch64.rpm
python3-perf-5.14.0-570.55.1.0.1.el9_6.aarch64.rpm
rtla-5.14.0-570.55.1.0.1.el9_6.aarch64.rpm
rv-5.14.0-570.55.1.0.1.el9_6.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-570.55.1.0.1.el9_6.src.rpm

Related CVEs:

CVE-2022-50087
CVE-2025-22026
CVE-2025-38566
CVE-2025-38571
CVE-2025-39817
CVE-2025-39841
CVE-2025-39849




Description of changes:

[5.14.0-570.55.1.0.1]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]

[5.14.0-570.55.1]
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (CKI Backport Bot) [RHEL-119115] {CVE-2025-39841}

[5.14.0-570.54.1]
- firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (Charles Mirabile) [RHEL-113836] {CVE-2022-50087}
- SUNRPC: call xs_sock_process_cmsg for all cmsg (Olga Kornievskaia) [RHEL-110811]
- sunrpc: fix client side handling of tls alerts (Olga Kornievskaia) [RHEL-110811] {CVE-2025-38571}
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (CKI Backport Bot) [RHEL-118256] {CVE-2025-39817}
- sunrpc: fix handling of server side tls alerts (Steve Dickson) [RHEL-111070] {CVE-2025-38566}
- platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID (Jay Shin) [RHEL-116679]

[5.14.0-570.53.1]
- wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (CKI Backport Bot) [RHEL-117578] {CVE-2025-39849}
- ibmvnic: Use ndo_get_stats64 to fix inaccurate SAR reporting (Mamatha Inamdar) [RHEL-114436]
- ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof (Mamatha Inamdar) [RHEL-114436]
- ibmvnic: Add stat for tx direct vs tx batched (Mamatha Inamdar) [RHEL-114436]
- nfsd: don't ignore the return code of svc_proc_register() (Olga Kornievskaia) [RHEL-93610] {CVE-2025-22026}
- irdma: free iwdev->rf after removing MSI-X (CKI Backport Bot) [RHEL-111485]

More information about the El-errata mailing list