Oracle alert ELSA-2025-20716 (kernel)
From: Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com>
To: el-errata@oss.oracle.com
Subject: [El-errata] ELSA-2025-20716 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
Date: Thu, 16 Oct 2025 04:57:14 -0700
Message-ID: <mailman.354.1760615843.31.el-errata@oss.oracle.com>

Oracle Linux Security Advisory ELSA-2025-20716

http://linux.oracle.com/errata/ELSA-2025-20716.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

aarch64:
bpftool-5.15.0-313.189.5.1.el9uek.aarch64.rpm
kernel-uek-5.15.0-313.189.5.1.el9uek.aarch64.rpm
kernel-uek-container-5.15.0-313.189.5.1.el9uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-313.189.5.1.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-313.189.5.1.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-313.189.5.1.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-313.189.5.1.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-313.189.5.1.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-313.189.5.1.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-313.189.5.1.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-313.189.5.1.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-313.189.5.1.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-313.189.5.1.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-313.189.5.1.el9uek.aarch64.rpm
kernel-uek64k-5.15.0-313.189.5.1.el9uek.aarch64.rpm
kernel-uek64k-core-5.15.0-313.189.5.1.el9uek.aarch64.rpm
kernel-uek64k-devel-5.15.0-313.189.5.1.el9uek.aarch64.rpm
kernel-uek64k-modules-5.15.0-313.189.5.1.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-5.15.0-313.189.5.1.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0...

Related CVEs:

CVE-2022-48703
CVE-2024-26775
CVE-2025-38067
CVE-2025-38165
CVE-2025-38236
CVE-2025-38264
CVE-2025-38375
CVE-2025-38439
CVE-2025-38441
CVE-2025-38443
CVE-2025-38444
CVE-2025-38445
CVE-2025-38448
CVE-2025-38457
CVE-2025-38458
CVE-2025-38459
CVE-2025-38460
CVE-2025-38461
CVE-2025-38462
CVE-2025-38464
CVE-2025-38465
CVE-2025-38466
CVE-2025-38467
CVE-2025-38494
CVE-2025-38495
CVE-2025-38499
CVE-2025-38513
CVE-2025-38515
CVE-2025-38516
CVE-2025-38540
CVE-2025-38546
CVE-2025-38569
CVE-2025-38618
CVE-2025-38727
CVE-2025-39866

Description of changes:

[5.15.0-313.189.5.1.el9uek]
- af_unix: Don't leave consecutive consumed OOB skbs. (Kuniyuki Iwashima) [Orabug: 38528187] {CVE-2025-38236}
- fs: writeback: fix use-after-free in __mark_inode_dirty() (Jiufei Xue) [Orabug: 38528183] {CVE-2025-39866}
- rtnetlink: Fix L3 stats disable handling in rtnl_offload_xstats_fill() (Vijayendra Suman) [Orabug: 38528177]

[5.15.0-313.189.5.el9uek]
- net/rds: tracepoints for rds_conn_kref_get and put (Sharath Srinivasan) [Orabug: 37793025]
- net/rds: Add krefs to struct rds_connection (Sharath Srinivasan) [Orabug: 37793025]
- nvme-tcp: sanitize request list handling (Hannes Reinecke) [Orabug: 38175126,38454661] {CVE-2025-38264}
- llist: add interface to check if a node is on a list. (Neil Brown) [Orabug: 38175126] {CVE-2025-38264}

[5.15.0-313.189.4.el9uek]
- uek-rpm: Move ifb module to modules-core (Harshit Mogalapalli) [Orabug: 38224682]

[5.15.0-313.189.3.el9uek]
- x86/vmscape: Warn when STIBP is disabled with SMT (Pawan Gupta) [Orabug: 38424092]
- x86/bugs: Move cpu_bugs_smt_update() down (Pawan Gupta) [Orabug: 38424092]
- x86/vmscape: Enable the mitigation (Pawan Gupta) [Orabug: 38424092]
- x86/vmscape: Add conditional IBPB mitigation (Pawan Gupta) [Orabug: 38424092]
- x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (Josh Poimboeuf) [Orabug: 38424092]
- x86/vmscape: Add old Intel CPUs to affected list (Pawan Gupta) [Orabug: 38424092]
- x86/vmscape: Enumerate VMSCAPE bug (Pawan Gupta) [Orabug: 38424092]
- Documentation/hw-vuln: Add VMSCAPE documentation (Pawan Gupta) [Orabug: 38424092]
- vsock: Do not allow binding to VMADDR_PORT_ANY (Budimir Markovic) [Orabug: 38454665,38351770] {CVE-2025-38618}
- HID: core: ensure the allocated report buffer can contain the reserved report ID (Benjamin Tissoires) [Orabug: 38254347,38454662] {CVE-2025-38495}
- HID: core: do not bypass hid_hw_raw_request (Benjamin Tissoires) [Orabug: 38254339,38454666] {CVE-2025-38494}
- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Al Viro) [Orabug: 38310006,38454664] {CVE-2025-38499}
- igc: fix disabling L1.2 PCI-E link substate on I226 on init (Valdikss) [Orabug: 38343660]
- Input: xpad - set correct controller type for Acer NGR200 (Nilton Perim Neto)
- ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (Kuninori Morimoto)
- squashfs: fix memory leak in squashfs_fill_super (Phillip Lougher) [Orabug: 38343660]
- ASoC: ops: dynamically allocate struct snd_ctl_elem_value (Arnd Bergmann)
- compiler: remove __ADDRESSABLE_ASM{_STR,}() again (Jan Beulich)
- mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn (Tu Jinjiang)
- KVM: arm64: Fix kernel BUG() due to bad backport of FPSIMD/SVE/SME fix (Will Deacon)
- benet: fix BUG when creating VFs (Michal Schmidt) [Orabug: 38334975] {CVE-2025-38569}
- smb: client: fix use-after-free in crypt_message when using async crypto (Wang Zhaolong) [Orabug: 38254323] {CVE-2025-38488}
- kbuild: userprogs: use correct linker when mixing clang and GNU ld (Thomas Weißschuh)
- ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS (Nathan Chancellor)
- NFSv4.2: another fix for listxattr (Olga Kornievskaia)
- cpuidle: governors: menu: Avoid using invalid recent intervals data (Rafael J. Wysocki)
- netlink: avoid infinite retry looping in netlink_unicast() (Fedor Pchelkin) [Orabug: 38395124] {CVE-2025-38727}
- Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" (Helge Deller) [Orabug: 38343660]
- bpf, sockmap: Fix panic when calling skb_linearize (Jiayuan Chen) [Orabug: 38394723] {CVE-2025-38165}
- netfilter: nf_tables: adjust lockdep assertions handling (Fedor Pchelkin)
- arm64: errata: Work around AmpereOne's erratum AC04_CPU_23 (D Scott Phillips) [Orabug: 38166347]
- ARM: UEK: Disable arm64 erratum QCOM_FALKOR_ERRATUM_1003 (Boris Ostrovsky) [Orabug: 38166347]
- vhost-scsi: Fix check for inline_sg_cnt exceeding preallocated limit (Alok Tiwari) [Orabug: 38324335]
- mm/hugetlb: fix copy_hugetlb_page_range() to check ->pt_share_count (Jane Chu) [Orabug: 38346475]
- Reapply "mm: hugetlb: independent PMD page table shared count" (Jane Chu) [Orabug: 38346475]
- uek-rpm: pensando: enable config options for fips (Joseph Dobosenski) [Orabug: 38354692]

[5.15.0-313.189.2.el9uek]
- LTS version: v5.15.189 (Vijayendra Suman)
- rseq: Fix segfault on registration when rseq_cs is non-zero (Michael Jeanson) [Orabug: 38095071] {CVE-2025-38067}
- x86/mm: Disable hugetlb page table sharing on 32-bit (Jann Horn)
- Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (Hans de Goede)
- HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras (Chia-Lin Kao) [Orabug: 38324278] {CVE-2025-38540}
- HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY (Zhang Heng)
- vt: add missing notification when switching back to text mode (Nicolas Pitre)
- HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 (Akira Inoue)
- net: usb: qmi_wwan: add SIMCom 8230C composition (Xiaowei Li)
- um: vector: Reduce stack usage in vector_eth_configure() (Tiwei Bie)
- atm: idt77252: Add missing dma_map_error() (Thomas Fourier)
- bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (Somnath Kotur) [Orabug: 38254089] {CVE-2025-38439}
- bnxt_en: Fix DCB ETS validation (Shravya Kn)
- net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() (Alok Tiwari)
- can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level (Sean Nyekjaer)
- net: phy: microchip: limit 100M workaround to link-down events on LAN88xx (Oleksij Rempel)
- net: appletalk: Fix device refcount leak in atrtr_create() (Kito Xu) [Orabug: 38324289] {CVE-2025-38542}
- netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (Eric Dumazet) [Orabug: 38254095] {CVE-2025-38441}
- ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() (Al Viro)
- smb: server: make use of rdma_destroy_qp() (Stefan Metzmacher)
- nbd: fix uaf in nbd_genl_connect() error path (Zheng Qixing) [Orabug: 38254101] {CVE-2025-38443}
- raid10: cleanup memleak at raid10_make_request (Nigel Croxon) [Orabug: 38254105] {CVE-2025-38444}
- md/raid1: Fix stack memory use after return in raid1_reshape (Wang Jinchao) [Orabug: 38254108] {CVE-2025-38445}
- wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() (Daniil Dulov) [Orabug: 38324160] {CVE-2025-38513}
- dma-buf: fix timeout handling in dma_resv_wait_timeout v2 (Christian König)
- dma-buf: use new iterator in dma_resv_wait_timeout (Christian König)
- dma-buf: add dma_resv_for_each_fence_unlocked v8 (Christian König)
- usb: dwc3: Abort suspend on soft disconnect failure (Kuen-Han Tsai)
- usb: cdnsp: Fix issue with CV Bad Descriptor test (Pawel Laszczak)
- usb: cdnsp: Replace snprintf() with the safer scnprintf() variant (Lee Jones)
- usb:cdnsp: remove TRB_FLUSH_ENDPOINT command (Pawel Laszczak)
- Input: xpad - support Acer NGR 200 Controller (Nilton Perim Neto)
- xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS (Hongyu Xie)
- usb: xhci: quirk for data loss in ISOC transfers (Raju Rangoju)
- xhci: Allow RPM on the USB controller (1022:43f7) by default (Basavaraj Natikar)
- virtio-net: ensure the received length does not exceed allocated size (Bui Quang Minh) [Orabug: 38253833] {CVE-2025-38375}
- netlink: make sure we allow at least one dump skb (Jakub Kicinski)
- netlink: Fix rmem check in netlink_broadcast_deliver(). (Kuniyuki Iwashima)
- btrfs: use btrfs_record_snapshot_destroy() during rmdir (Filipe Manana)
- btrfs: propagate last_unlink_trans earlier when doing a rmdir (Filipe Manana)
- Revert "ACPI: battery: negate current when discharging" (Rafael J. Wysocki)
- usb: gadget: u_serial: Fix race condition in TTY wakeup (Kuen-Han Tsai) [Orabug: 38254117] {CVE-2025-38448}
- drm/gem: Fix race in drm_gem_handle_create_tail() (Simona Vetter)
- drm/sched: Increment job count before swapping tail spsc queue (Matthew Brost) [Orabug: 38324179] {CVE-2025-38515}
- pinctrl: qcom: msm: mark certain pins as invalid for interrupts (Bartosz Golaszewski) [Orabug: 38324185] {CVE-2025-38516}
- x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (Jp Kobryn)
- x86/mce: Don't remove sysfs if thresholding sysfs init fails (Yazen Ghannam)
- x86/mce/amd: Fix threshold limit reset (Yazen Ghannam)
- xen: replace xen_remap() with memremap() (Juergen Gross)
- jfs: fix null ptr deref in dtInsertEntry (Edward Adam Davis) [Orabug: 36993160] {CVE-2024-44939}
- bpf, sockmap: Fix skb refcnt race after locking changes (John Fastabend)
- aoe: avoid potential deadlock at set_capacity (Maksim Kiselev) [Orabug: 36530894] {CVE-2024-26775}
- thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR (Lee, Chun-Yi) [Orabug: 37283277] {CVE-2022-48703}
- bpf: fix precision backtracking instruction iteration (Andrii Nakryiko)
- rxrpc: Fix oops due to non-existence of prealloc backlog struct (David Howells) [Orabug: 38324169] {CVE-2025-38514}
- net/sched: Abort __tc_modify_qdisc if parent class does not exist (Victor Nogueira) [Orabug: 38254146] {CVE-2025-38457}
- atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (Yue Haibing) [Orabug: 38254152] {CVE-2025-38458}
- atm: clip: Fix infinite recursive call of clip_push(). (Kuniyuki Iwashima) [Orabug: 38254160] {CVE-2025-38459}
- atm: clip: Fix memory leak of struct clip_vcc. (Kuniyuki Iwashima) [Orabug: 38324308] {CVE-2025-38546}
- atm: clip: Fix potential null-ptr-deref in to_atmarpd(). (Kuniyuki Iwashima) [Orabug: 38254166] {CVE-2025-38460}
- net: phy: smsc: Fix link failure in forced mode with Auto-MDIX (Oleksij Rempel)
- net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap (Oleksij Rempel)
- vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also transport_local (Michal Luczaj)
- vsock: Fix transport_* TOCTOU (Michal Luczaj) [Orabug: 38254172] {CVE-2025-38461}
- vsock: Fix transport_{g2h,h2g} TOCTOU (Michal Luczaj) [Orabug: 38254175] {CVE-2025-38462}
- tipc: Fix use-after-free in tipc_conn_close(). (Kuniyuki Iwashima) [Orabug: 38254180] {CVE-2025-38464}
- netlink: Fix wraparounds of sk->sk_rmem_alloc. (Kuniyuki Iwashima) [Orabug: 38254187] {CVE-2025-38465}
- fix proc_sys_compare() handling of in-lookup dentries (Al Viro)
- perf: Revert to requiring CAP_SYS_ADMIN for uprobes (Peter Zijlstra) [Orabug: 38254196] {CVE-2025-38466}
- ASoC: fsl_asrc: use internal measured ratio for non-ideal ratio mode (Shengjiu Wang)
- drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling (Kaustabh Chakraborty) [Orabug: 38254202] {CVE-2025-38467}

[5.15.0-313.187.1.el9uek]
- drm/amdgpu: Remove ATC L2 access for MMHUB 2.1.x (Lijo Lazar) [Orabug: 37778293]
- PCI/portdrv: Don't disable AER reporting in get_port_device_capability() (Stefan Roese) [Orabug: 37778293]
- PCI/AER: Enable error reporting when AER is native (Stefan Roese) [Orabug: 37778293]
- PCI/AER: Configure ECRC for every device (Stefan Roese) [Orabug: 37778293]
- net/rds: Add support for RDS_CMSG_TOS (Gerd Rausch) [Orabug: 38058308]
- net/rds: Add support RDS_FEATURE ELF notes (Gerd Rausch) [Orabug: 38063328]

_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata