|
|
Subscribe / Log in / New account

Oracle alert ELSA-2025-20406 (kernel)



From:
              Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com>


To:
              el-errata@oss.oracle.com


Subject:
              [El-errata] ELSA-2025-20406 Moderate: Oracle Linux 8 Unbreakable Enterprise kernel security update


Date:
              Wed, 09 Jul 2025 04:34:23 -0700


Message-ID:
              <mailman.899.1752060871.37250.el-errata@oss.oracle.com>


Oracle Linux Security Advisory ELSA-2025-20406

http://linux.oracle.com/errata/ELSA-2025-20406.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.344.4.3.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.344.4.3.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.344.4.3.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.344.4.3.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.344.4.3.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.344.4.3.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.344.4.3.el8uek.noarch.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17...

Related CVEs:

CVE-2024-28956
CVE-2024-36350
CVE-2024-36357




Description of changes:

[5.4.17-2136.344.4.3.el8uek]
- Add Zen34 clients (Borislav Petkov (AMD))  [Orabug: 38129026]  {CVE-2024-36350} {CVE-2024-36357}
- x86/process: Move the buffer clearing before MONITOR (Kim Phillips)  [Orabug: 38129026]
{CVE-2024-36350} {CVE-2024-36357}
- KVM: SVM: Advertize TSA CPUID bits to guests (Borislav Petkov (AMD))  [Orabug: 38129026]
{CVE-2024-36350} {CVE-2024-36357}
- x86/bugs: Add a Transient Scheduler Attacks mitigation (Borislav Petkov (AMD))  [Orabug:
38129026]  {CVE-2024-36350} {CVE-2024-36357}
- KVM: x86: add support for CPUID leaf 0x80000021 (Paolo Bonzini)  [Orabug: 38129026]
{CVE-2024-36350} {CVE-2024-36357}
- x86/bugs: Rename MDS machinery to something more generic (Borislav Petkov (AMD))  [Orabug:
38129026]  {CVE-2024-36350} {CVE-2024-36357}
- x86/CPU/AMD: Add ZenX generations flags (Borislav Petkov (AMD))  [Orabug: 38129026]
{CVE-2024-36350} {CVE-2024-36357}
- x86/bugs: Free X86_BUG_AMD_APIC_C1E and X86_BUG_AMD_E400 bits (Boris Ostrovsky)  [Orabug:
38129026]  {CVE-2024-36350} {CVE-2024-36357}
- x86/bugs: Enabling Retbleed and SRSO mitigation can taint the kernel (Alexandre Chartre)
[Orabug: 38129010]
- selftest/x86/bugs: Add selftests for ITS (Pawan Gupta)  [Orabug: 38128642]  {CVE-2024-28956}
- x86/its: Align RETs in BHB clear sequence to avoid thunking (Pawan Gupta)  [Orabug: 38128642]
{CVE-2024-28956}
- x86/its: Add "vmexit" option to skip mitigation on some CPUs (Pawan Gupta)  [Orabug: 38128642]
{CVE-2024-28956}
- x86/its: Enable Indirect Target Selection mitigation (Pawan Gupta)  [Orabug: 38128642]
{CVE-2024-28956}
- x86/its: Add support for ITS-safe return thunk (Pawan Gupta)  [Orabug: 38128642]
{CVE-2024-28956}
- x86/its: Add support for ITS-safe indirect thunk (Pawan Gupta)  [Orabug: 38128642]
{CVE-2024-28956}
- x86/its: Enumerate Indirect Target Selection (ITS) bug (Pawan Gupta)  [Orabug: 38128642]
{CVE-2024-28956}
- Documentation: x86/bugs/its: Add ITS documentation (Pawan Gupta)  [Orabug: 38128642]
{CVE-2024-28956}


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds