Oracle alert ELSA-2025-18281 (kernel)
| From: | Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com> | |
| To: | el-errata@oss.oracle.com | |
| Subject: | [El-errata] ELSA-2025-18281 Moderate: Oracle Linux 9 kernel security update | |
| Date: | Tue, 21 Oct 2025 02:10:59 -0700 | |
| Message-ID: | <mailman.398.1761037868.31.el-errata@oss.oracle.com> |
Oracle Linux Security Advisory ELSA-2025-18281 http://linux.oracle.com/errata/ELSA-2025-18281.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm kernel-abi-stablelists-5.14.0-570.55.1.0.1.el9_6.noarch.rpm kernel-core-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm kernel-cross-headers-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm kernel-debug-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm kernel-debug-core-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm kernel-debug-devel-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm kernel-debug-devel-matched-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-core-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm kernel-debug-modules-extra-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm kernel-debug-uki-virt-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm kernel-devel-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm kernel-devel-matched-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm kernel-doc-5.14.0-570.55.1.0.1.el9_6.noarch.rpm kernel-headers-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm kernel-modules-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm kernel-modules-core-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm kernel-modules-extra-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm kernel-tools-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm kernel-tools-libs-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm kernel-tools-libs-devel-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm kernel-uki-virt-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm kernel-uki-virt-addons-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm libperf-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm perf-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm python3-perf-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm rtla-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm rv-5.14.0-570.55.1.0.1.el9_6.x86_64.rpm aarch64: kernel-cross-headers-5.14.0-570.55.1.0.1.el9_6.aarch64.rpm kernel-headers-5.14.0-570.55.1.0.1.el9_6.aarch64.rpm kernel-tools-5.14.0-570.55.1.0.1.el9_6.aarch64.rpm kernel-tools-libs-5.14.0-570.55.1.0.1.el9_6.aarch64.rpm kernel-tools-libs-devel-5.14.0-570.55.1.0.1.el9_6.aarch64.rpm perf-5.14.0-570.55.1.0.1.el9_6.aarch64.rpm python3-perf-5.14.0-570.55.1.0.1.el9_6.aarch64.rpm rtla-5.14.0-570.55.1.0.1.el9_6.aarch64.rpm rv-5.14.0-570.55.1.0.1.el9_6.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-570... Related CVEs: CVE-2022-50087 CVE-2025-22026 CVE-2025-38566 CVE-2025-38571 CVE-2025-39817 CVE-2025-39841 CVE-2025-39849 Description of changes: [5.14.0-570.55.1.0.1] - nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5] - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535] - Add Oracle Linux IMA certificates - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764] [5.14.0-570.55.1] - scsi: lpfc: Fix buffer free/clear order in deferred receive path (CKI Backport Bot) [RHEL-119115] {CVE-2025-39841} [5.14.0-570.54.1] - firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (Charles Mirabile) [RHEL-113836] {CVE-2022-50087} - SUNRPC: call xs_sock_process_cmsg for all cmsg (Olga Kornievskaia) [RHEL-110811] - sunrpc: fix client side handling of tls alerts (Olga Kornievskaia) [RHEL-110811] {CVE-2025-38571} - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (CKI Backport Bot) [RHEL-118256] {CVE-2025-39817} - sunrpc: fix handling of server side tls alerts (Steve Dickson) [RHEL-111070] {CVE-2025-38566} - platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID (Jay Shin) [RHEL-116679] [5.14.0-570.53.1] - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (CKI Backport Bot) [RHEL-117578] {CVE-2025-39849} - ibmvnic: Use ndo_get_stats64 to fix inaccurate SAR reporting (Mamatha Inamdar) [RHEL-114436] - ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof (Mamatha Inamdar) [RHEL-114436] - ibmvnic: Add stat for tx direct vs tx batched (Mamatha Inamdar) [RHEL-114436] - nfsd: don't ignore the return code of svc_proc_register() (Olga Kornievskaia) [RHEL-93610] {CVE-2025-22026} - irdma: free iwdev->rf after removing MSI-X (CKI Backport Bot) [RHEL-111485] _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata