Oracle alert ELSA-2025-12752 (kernel)
| From: | Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com> | |
| To: | el-errata@oss.oracle.com | |
| Subject: | [El-errata] ELSA-2025-12752 Important: Oracle Linux 8 kernel security update | |
| Date: | Wed, 06 Aug 2025 16:59:49 -0700 | |
| Message-ID: | <mailman.88.1754524800.253.el-errata@oss.oracle.com> |
Oracle Linux Security Advisory ELSA-2025-12752 http://linux.oracle.com/errata/ELSA-2025-12752.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: bpftool-4.18.0-553.66.1.el8_10.x86_64.rpm kernel-4.18.0-553.66.1.el8_10.x86_64.rpm kernel-abi-stablelists-4.18.0-553.66.1.el8_10.noarch.rpm kernel-core-4.18.0-553.66.1.el8_10.x86_64.rpm kernel-cross-headers-4.18.0-553.66.1.el8_10.x86_64.rpm kernel-debug-4.18.0-553.66.1.el8_10.x86_64.rpm kernel-debug-core-4.18.0-553.66.1.el8_10.x86_64.rpm kernel-debug-devel-4.18.0-553.66.1.el8_10.x86_64.rpm kernel-debug-modules-4.18.0-553.66.1.el8_10.x86_64.rpm kernel-debug-modules-extra-4.18.0-553.66.1.el8_10.x86_64.rpm kernel-devel-4.18.0-553.66.1.el8_10.x86_64.rpm kernel-doc-4.18.0-553.66.1.el8_10.noarch.rpm kernel-headers-4.18.0-553.66.1.el8_10.x86_64.rpm kernel-modules-4.18.0-553.66.1.el8_10.x86_64.rpm kernel-modules-extra-4.18.0-553.66.1.el8_10.x86_64.rpm kernel-tools-4.18.0-553.66.1.el8_10.x86_64.rpm kernel-tools-libs-4.18.0-553.66.1.el8_10.x86_64.rpm kernel-tools-libs-devel-4.18.0-553.66.1.el8_10.x86_64.rpm perf-4.18.0-553.66.1.el8_10.x86_64.rpm python3-perf-4.18.0-553.66.1.el8_10.x86_64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-553... Related CVEs: CVE-2022-50020 CVE-2025-21928 CVE-2025-22020 CVE-2025-37890 CVE-2025-38052 CVE-2025-38079 Description of changes: [4.18.0-553.66.1.el8_10.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772] [4.18.0-553.66.1.el8_10] - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (Xin Long) [RHEL-105415] {CVE-2025-38001} - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (Xin Long) [RHEL-105415] {CVE-2025-38000} - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CKI Backport Bot) [RHEL-105415] {CVE-2025-37890} - sch_hfsc: make hfsc_qlen_notify() idempotent (Xin Long) [RHEL-105415] - crypto: algif_hash - fix double free in hash_accept (CKI Backport Bot) [RHEL-102223] {CVE-2025-38079} - Revert "smb: client: fix TCP timers deadlock after rmmod" (Paulo Alcantara) [RHEL-100698] {CVE-2025-22077} - Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free" (Paulo Alcantara) [RHEL-100698] - smb: client: Fix netns refcount imbalance causing leaks and use-after-free (Paulo Alcantara) [RHEL-100698] - smb: client: fix TCP timers deadlock after rmmod (Paulo Alcantara) [RHEL-100698] {CVE-2024-54680} - smb: client: Fix use-after-free of network namespace. (Paulo Alcantara) [RHEL-100698] {CVE-2024-53095} - smb: client: fix warning in generic_ip_connect() (Paulo Alcantara) [RHEL-100698] - net: tipc: fix refcount warning in tipc_aead_encrypt (Xin Long) [RHEL-103079] - net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done (CKI Backport Bot) [RHEL-103079] {CVE-2025-38052} - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (CKI Backport Bot) [RHEL-99013] {CVE-2025-22020} - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CKI Backport Bot) [RHEL-98837] {CVE-2025-21928} [4.18.0-553.65.1.el8_10] - x86/alternatives: avoid mapping FIX_TEXT_POKE1 page when it is not required (Rafael Aquini) [RHEL-95422] - ext4: avoid resizing to a partial cluster size (CKI Backport Bot) [RHEL-101423] {CVE-2022-50020} _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata