|
|
Log in / Subscribe / Register

Oracle alert ELSA-2025-18318 (kernel)



From:
              Errata Announcements for Oracle Linux via El-errata <el-errata@oss.oracle.com>


To:
              el-errata@oss.oracle.com


Subject:
              [El-errata] ELSA-2025-18318 Moderate: Oracle Linux 10 kernel security update


Date:
              Thu, 23 Oct 2025 06:02:03 -0700


Message-ID:
              <mailman.439.1761224532.31.el-errata@oss.oracle.com>


Oracle Linux Security Advisory ELSA-2025-18318

http://linux.oracle.com/errata/ELSA-2025-18318.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux
Network:

x86_64:
kernel-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-abi-stablelists-6.12.0-55.40.1.0.1.el10_0.noarch.rpm
kernel-core-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-cross-headers-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-debug-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-debug-core-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-debug-devel-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-debug-devel-matched-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-debug-modules-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-debug-modules-core-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-debug-modules-extra-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-debug-uki-virt-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-devel-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-devel-matched-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-doc-6.12.0-55.40.1.0.1.el10_0.noarch.rpm
kernel-headers-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-modules-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-modules-core-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-modules-extra-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-tools-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-tools-libs-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-tools-libs-devel-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-uki-virt-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-uki-virt-addons-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
libperf-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
perf-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
python3-perf-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
rtla-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
rv-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm

aarch64:
kernel-cross-headers-6.12.0-55.40.1.0.1.el10_0.aarch64.rpm
kernel-headers-6.12.0-55.40.1.0.1.el10_0.aarch64.rpm
kernel-tools-6.12.0-55.40.1.0.1.el10_0.aarch64.rpm
kernel-tools-libs-6.12.0-55.40.1.0.1.el10_0.aarch64.rpm
kernel-tools-libs-devel-6.12.0-55.40.1.0.1.el10_0.aarch64.rpm
libperf-6.12.0-55.40.1.0.1.el10_0.aarch64.rpm
perf-6.12.0-55.40.1.0.1.el10_0.aarch64.rpm
python3-perf-6.12.0-55.40.1.0.1.el10_0.aarch64.rpm
rtla-6.12.0-55.40.1.0.1.el10_0.aarch64.rpm
rv-6.12.0-55.40.1.0.1.el10_0.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kernel-6.12.0-55...

Related CVEs:

CVE-2025-38351
CVE-2025-38571
CVE-2025-38572
CVE-2025-38614
CVE-2025-39817
CVE-2025-39841




Description of changes:

[6.12.0-55.40.1.0.1]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list
(olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Update module name for cryptographic module [Orabug: 37400433]

[6.12.0-55.40.1]
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (CKI Backport Bot) [RHEL-119125]
{CVE-2025-39841}
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (CKI Backport Bot) [RHEL-118460]
{CVE-2025-39817}
- ibmveth: Add multi buffers rx replenishment hcall support (Mamatha Inamdar) [RHEL-116192]
- net: ibmveth: Reset the adapter when unexpected states are detected (Mamatha Inamdar)
[RHEL-116192]
- SUNRPC: call xs_sock_process_cmsg for all cmsg (Olga Kornievskaia) [RHEL-110813]
- sunrpc: fix client side handling of tls alerts (Olga Kornievskaia) [RHEL-110813]
{CVE-2025-38571}
- s390/pci: Do not try re-enabling load/store if device is disabled (CKI Backport Bot)
[RHEL-114447]
- s390/pci: Fix stale function handles in error handling (CKI Backport Bot) [RHEL-114447]
- s390/hypfs: Enable limited access during lockdown (CKI Backport Bot) [RHEL-114430]
- s390/hypfs: Avoid unnecessary ioctl registration in debugfs (CKI Backport Bot) [RHEL-114430]
- ibmvnic: Use ndo_get_stats64 to fix inaccurate SAR reporting (Mamatha Inamdar) [RHEL-114438]
- ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof (Mamatha Inamdar)
[RHEL-114438]
- ibmvnic: Add stat for tx direct vs tx batched (Mamatha Inamdar) [RHEL-114438]
- ipv6: reject malicious packets in ipv6_gso_segment() (CKI Backport Bot) [RHEL-113248]
{CVE-2025-38572}
- enic: fix incorrect MTU comparison in enic_change_mtu() (John Meneghini) [RHEL-108265]
- net/enic: Allow at least 8 RQs to always be used (John Meneghini) [RHEL-108265]
- enic: get max rq & wq entries supported by hw, 16K queues (John Meneghini) [RHEL-106602]
- enic: cleanup of enic wq request completion path (John Meneghini) [RHEL-106602]
- enic: added enic_wq.c and enic_wq.h (John Meneghini) [RHEL-106602]
- enic: remove unused function cq_enet_wq_desc_dec (John Meneghini) [RHEL-106602]
- enic: enable rq extended cq support (John Meneghini) [RHEL-106602]
- enic: enic rq extended cq defines (John Meneghini) [RHEL-106602]
- enic: enic rq code reorg (John Meneghini) [RHEL-106602]
- enic: Move function from header file to c file (John Meneghini) [RHEL-106602]
- enic: add dependency on Page Pool (John Meneghini) [RHEL-106602]
- enic: remove copybreak tunable (John Meneghini) [RHEL-106602]
- enic: Use the Page Pool API for RX (John Meneghini) [RHEL-106602]
- enic: Simplify RX handler function (John Meneghini) [RHEL-106602]
- enic: Move RX functions to their own file (John Meneghini) [RHEL-106602]
- enic: Fix typo in comment in table indexed by link speed (John Meneghini) [RHEL-106602]
- enic: Obtain the Link speed only after the link comes up (John Meneghini) [RHEL-106602]
- enic: Move RX coalescing set function (John Meneghini) [RHEL-106602]
- enic: Move kdump check into enic_adjust_resources() (John Meneghini) [RHEL-106602]
- enic: Move enic resource adjustments to separate function (John Meneghini) [RHEL-106602]
- enic: Adjust used MSI-X wq/rq/cq/interrupt resources in a more robust way (John Meneghini)
[RHEL-106602]
- enic: Allocate arrays in enic struct based on VIC config (John Meneghini) [RHEL-106602]
- enic: Save resource counts we read from HW (John Meneghini) [RHEL-106602]
- enic: Make MSI-X I/O interrupts come after the other required ones (John Meneghini)
[RHEL-106602]
- enic: Create enic_wq/rq structures to bundle per wq/rq data (John Meneghini) [RHEL-106602]
- scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (John Meneghini) [RHEL-111542]
- scsi: fnic: Set appropriate logging level for log message (John Meneghini) [RHEL-111542]
- scsi: fnic: Add and improve logs in FDMI and FDMI ABTS paths (John Meneghini) [RHEL-111542]
- scsi: fnic: Turn off FDMI ACTIVE flags on link down (John Meneghini) [RHEL-111542]
- scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (John Meneghini) [RHEL-111542]
- scsi: fnic: Remove unnecessary spinlock locking and unlocking (John Meneghini) [RHEL-111539]
- scsi: fnic: Replace fnic->lock_flags with local flags (John Meneghini) [RHEL-111539]
- scsi: fnic: Replace use of sizeof with standard usage (John Meneghini) [RHEL-111539]
- scsi: fnic: Fix indentation and remove unnecessary parenthesis (John Meneghini) [RHEL-111539]
- scsi: fnic: Remove unnecessary debug print (John Meneghini) [RHEL-111539]
- scsi: fnic: Propagate SCSI error code from fnic_scsi_drv_init() (John Meneghini) [RHEL-111539]
- scsi: fnic: Test for memory allocation failure and return error code (John Meneghini)
[RHEL-111539]
- scsi: fnic: Return appropriate error code from failure of scsi drv init (John Meneghini)
[RHEL-111539]
- scsi: fnic: Return appropriate error code for mem alloc failure (John Meneghini) [RHEL-111539]
- scsi: fnic: Remove always-true IS_FNIC_FCP_INITIATOR macro (John Meneghini) [RHEL-111539]
- scsi: fnic: Fix use of uninitialized value in debug message (John Meneghini) [RHEL-111539]
- scsi: fnic: Delete incorrect debugfs error handling (John Meneghini) [RHEL-111539]
- scsi: fnic: Remove unnecessary else to fix warning in FDLS FIP (John Meneghini) [RHEL-111539]
- scsi: fnic: Remove extern definition from .c files (John Meneghini) [RHEL-111539]
- scsi: fnic: Remove unnecessary else and unnecessary break in FDLS (John Meneghini) [RHEL-111539]
- scsi: fnic: Increment driver version (John Meneghini) [RHEL-111539]
- scsi: fnic: Add support to handle port channel RSCN (John Meneghini) [RHEL-111539]
- scsi: fnic: Code cleanup (John Meneghini) [RHEL-111539]
- scsi: fnic: Add stats and related functionality (John Meneghini) [RHEL-111539]
- scsi: fnic: Modify fnic interfaces to use FDLS (John Meneghini) [RHEL-111539]
- scsi: fnic: Modify IO path to use FDLS (John Meneghini) [RHEL-111539]
- scsi: fnic: Add functionality in fnic to support FDLS (John Meneghini) [RHEL-111539]
- scsi: fnic: Add and integrate support for FIP (John Meneghini) [RHEL-111539]
- scsi: fnic: Add and integrate support for FDMI (John Meneghini) [RHEL-111539]
- scsi: fnic: Add Cisco hardware model names (John Meneghini) [RHEL-111539]
- scsi: fnic: Add support for unsolicited requests and responses (John Meneghini) [RHEL-111539]
- scsi: fnic: Add support for target based solicited requests and responses (John Meneghini)
[RHEL-111539]
- scsi: fnic: Add support for fabric based solicited requests and responses (John Meneghini)
[RHEL-111539]
- scsi: fnic: Add headers and definitions for FDLS (John Meneghini) [RHEL-111539]
- scsi: fnic: Replace shost_printk() with dev_info()/dev_err() (John Meneghini) [RHEL-111539]
- eventpoll: Fix semi-unbounded recursion (CKI Backport Bot) [RHEL-111056] {CVE-2025-38614}
- mm/memory-tier: fix abstract distance calculation overflow (Rafael Aquini) [RHEL-109447]
- KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (CKI Backport Bot)
[RHEL-104737] {CVE-2025-38351}


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds