ELSA-2025-15011

ULN >
Oracle Linux Errata repository >
ELSA-2025-15011

ELSA-2025-15011 - kernel security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2025-09-03

Description

[5.14.0-570.39.1.0.1_6.OL9]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]

[5.14.0-570.39.1_6]
- xfrm: interface: fix use-after-free after changing collect_md xfrm interface (CKI Backport Bot) [RHEL-109529] {CVE-2025-38500}
- Merge: net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response [rhel-9.6.z] (Maxim Levitsky) [RHEL-58904]
- s390/pci: Serialize device addition and removal (Mete Durlu) [RHEL-102036]
- s390/pci: Allow re-add of a reserved but not yet removed device (Mete Durlu) [RHEL-102036]
- s390/pci: Prevent self deletion in disable_slot() (Mete Durlu) [RHEL-102036]
- s390/pci: Remove redundant bus removal and disable from zpci_release_device() (Mete Durlu) [RHEL-102036]
- s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (Thomas Huth) [RHEL-102036] {CVE-2025-37946}
- s390/pci: Fix missing check for zpci_create_device() error return (Mete Durlu) [RHEL-102036] {CVE-2025-37974}
- s390/pci: Fix potential double remove of hotplug slot (Thomas Huth) [RHEL-102036] {CVE-2024-56699}
- s390/pci: remove hotplug slot when releasing the device (Thomas Huth) [RHEL-102036]
- s390/pci: introduce lock to synchronize state of zpci_dev's (Thomas Huth) [RHEL-102036]
- s390/pci: rename lock member in struct zpci_dev (Thomas Huth) [RHEL-102036]
- net/sched: Abort __tc_modify_qdisc if parent class does not exist (CKI Backport Bot) [RHEL-107895]
- i40e: report VF tx_dropped with tx_errors instead of tx_discards (Dennis Chen) [RHEL-105137]
- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (Mete Durlu) [RHEL-94815]
- s390/pci: Fix handling of isolated VFs (CKI Backport Bot) [RHEL-85387]
- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (CKI Backport Bot) [RHEL-85387]
- s390/pci: Fix SR-IOV for PFs initially in standby (CKI Backport Bot) [RHEL-85387]
- tipc: Fix use-after-free in tipc_conn_close(). (CKI Backport Bot) [RHEL-106651] {CVE-2025-38464}
- Revert 'smb: client: fix TCP timers deadlock after rmmod' (Paulo Alcantara) [RHEL-106415] {CVE-2025-22077}
- Revert 'smb: client: Fix netns refcount imbalance causing leaks and use-after-free' (Paulo Alcantara) [RHEL-106415]
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (Paulo Alcantara) [RHEL-106415]
- watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (David Arcari) [RHEL-103555]

[5.14.0-570.38.1_6]
- net/sched: ets: use old 'nbands' while purging unused classes (CKI Backport Bot) [RHEL-107537] {CVE-2025-38350}
- net/sched: Always pass notifications when child class becomes empty (Ivan Vecera) [RHEL-93387] {CVE-2025-38350}
- net_sched: ets: fix a race in ets_qdisc_change() (Ivan Vecera) [RHEL-107537] {CVE-2025-38107}
- sch_htb: make htb_deactivate() idempotent (Ivan Vecera) [RHEL-93387] {CVE-2025-37953}
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (Ivan Vecera) [RHEL-93387] {CVE-2025-37798}
- sch_qfq: make qfq_qlen_notify() idempotent (Ivan Vecera) [RHEL-93387] {CVE-2025-38350}
- sch_drr: make drr_qlen_notify() idempotent (Ivan Vecera) [RHEL-93387] {CVE-2025-38350}
- sch_htb: make htb_qlen_notify() idempotent (Ivan Vecera) [RHEL-93387] {CVE-2025-37932}
- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (CKI Backport Bot) [RHEL-107630] {CVE-2025-37823}
- i40e: fix MMIO write access to an invalid page in i40e_clear_hw (CKI Backport Bot) [RHEL-106046] {CVE-2025-38200}
- vsock: Fix transport_* TOCTOU (CKI Backport Bot) [RHEL-106003] {CVE-2025-38461}
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (CKI Backport Bot) [RHEL-104273] {CVE-2025-38211}

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	kernel-5.14.0-570.39.1.0.1.el9_6.src.rpm	c51ad60a197249744dcb470b0945bb22aaed7c60a9322062a75c0a3c271b35c0	-	ol9_aarch64_appstream
	kernel-5.14.0-570.39.1.0.1.el9_6.src.rpm	c51ad60a197249744dcb470b0945bb22aaed7c60a9322062a75c0a3c271b35c0	-	ol9_aarch64_baseos_latest
	kernel-5.14.0-570.39.1.0.1.el9_6.src.rpm	c51ad60a197249744dcb470b0945bb22aaed7c60a9322062a75c0a3c271b35c0	-	ol9_aarch64_codeready_builder
	kernel-5.14.0-570.39.1.0.1.el9_6.src.rpm	c51ad60a197249744dcb470b0945bb22aaed7c60a9322062a75c0a3c271b35c0	-	ol9_aarch64_u6_baseos_patch
	kernel-cross-headers-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm	655cf0d577c3accce01c34c2dca235c75b0c21495ae8ff2e071d5b70b984cdcb	-	ol9_aarch64_codeready_builder
	kernel-headers-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm	84314418f892c6867bf407f3b9ef85422f675357f14c5fe3aea73a0112b9bac9	-	ol9_aarch64_appstream
	kernel-tools-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm	07ed4827b3980bf153f2b788408230319f1f1e169c4b46cf4180a4ca0c5022f5	-	ol9_aarch64_baseos_latest
	kernel-tools-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm	07ed4827b3980bf153f2b788408230319f1f1e169c4b46cf4180a4ca0c5022f5	-	ol9_aarch64_u6_baseos_patch
	kernel-tools-libs-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm	7fe1383d346be191c0b2f9bb936fefb43c93406fb2c633d0625ef9c6402969de	-	ol9_aarch64_baseos_latest
	kernel-tools-libs-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm	7fe1383d346be191c0b2f9bb936fefb43c93406fb2c633d0625ef9c6402969de	-	ol9_aarch64_u6_baseos_patch
	kernel-tools-libs-devel-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm	47ad53733c2e776fe21671a385d2ef2d86498aa79ca49773e50731f10ab792d8	-	ol9_aarch64_codeready_builder
	libperf-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm	7056260b2b449a8fcc2e48c3044b5caece0c993901c9e7107873489c0fd01bad	-	ol9_aarch64_codeready_builder
	perf-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm	9a7dfa955cc775403db146d825d8f7693c7edf93c827d04628c756a000f9bd58	-	ol9_aarch64_appstream
	python3-perf-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm	d8371797735e554d852fd45ab1e331babf952d43a18fc3cdae5d7fa75bf48de0	-	ol9_aarch64_baseos_latest
	python3-perf-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm	d8371797735e554d852fd45ab1e331babf952d43a18fc3cdae5d7fa75bf48de0	-	ol9_aarch64_u6_baseos_patch
	rtla-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm	41656e0d2189a3cce2285720ab53b9c19a1ebcb666beb0a691e962bf75291434	-	ol9_aarch64_appstream
	rv-5.14.0-570.39.1.0.1.el9_6.aarch64.rpm	6afac4016e3ac184a586c9e7db1c7893dc0d2467d2cc43621063b1f0e2fc4f90	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	kernel-5.14.0-570.39.1.0.1.el9_6.src.rpm	c51ad60a197249744dcb470b0945bb22aaed7c60a9322062a75c0a3c271b35c0	-	ol9_x86_64_appstream
	kernel-5.14.0-570.39.1.0.1.el9_6.src.rpm	c51ad60a197249744dcb470b0945bb22aaed7c60a9322062a75c0a3c271b35c0	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-570.39.1.0.1.el9_6.src.rpm	c51ad60a197249744dcb470b0945bb22aaed7c60a9322062a75c0a3c271b35c0	-	ol9_x86_64_codeready_builder
	kernel-5.14.0-570.39.1.0.1.el9_6.src.rpm	c51ad60a197249744dcb470b0945bb22aaed7c60a9322062a75c0a3c271b35c0	-	ol9_x86_64_u6_baseos_patch
	kernel-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	3a12d4b6cc0129ccde48727871fa79ce904758c0a57567493b7af851dfa7b380	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	3a12d4b6cc0129ccde48727871fa79ce904758c0a57567493b7af851dfa7b380	-	ol9_x86_64_u6_baseos_patch
	kernel-abi-stablelists-5.14.0-570.39.1.0.1.el9_6.noarch.rpm	f970c014d9e9422f894b79b17492dfc4145931b1660eb47c3f72da3ee382b371	-	ol9_x86_64_baseos_latest
	kernel-abi-stablelists-5.14.0-570.39.1.0.1.el9_6.noarch.rpm	f970c014d9e9422f894b79b17492dfc4145931b1660eb47c3f72da3ee382b371	-	ol9_x86_64_u6_baseos_patch
	kernel-core-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	3be6bd40cce342403b339ec6412e6cd56a3a0cfa420cc17ca78b99f1a94a217c	-	ol9_x86_64_baseos_latest
	kernel-core-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	3be6bd40cce342403b339ec6412e6cd56a3a0cfa420cc17ca78b99f1a94a217c	-	ol9_x86_64_u6_baseos_patch
	kernel-cross-headers-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	75e2486c77ba4d2cf47f3030e0bc2a48a98d75fb61321538d26235e0f9a35901	-	ol9_x86_64_codeready_builder
	kernel-debug-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	a0010fb0ec5f26e3e21ae639f80c1d54da3007a33d9575a588a826a30ac8854e	-	ol9_x86_64_baseos_latest
	kernel-debug-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	a0010fb0ec5f26e3e21ae639f80c1d54da3007a33d9575a588a826a30ac8854e	-	ol9_x86_64_u6_baseos_patch
	kernel-debug-core-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	0186718d3230b017cb7f0732f6f72cd10e969c433fd5698ec16f7873942a3536	-	ol9_x86_64_baseos_latest
	kernel-debug-core-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	0186718d3230b017cb7f0732f6f72cd10e969c433fd5698ec16f7873942a3536	-	ol9_x86_64_u6_baseos_patch
	kernel-debug-devel-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	79c1e69d661702cea5b684ae86a45cea28315f5f4e3277f7189b945b8dbd38c8	-	ol9_x86_64_appstream
	kernel-debug-devel-matched-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	5fa30901a51148c657d178156666bccd6db1d5be960a737521841267aa514a22	-	ol9_x86_64_appstream
	kernel-debug-modules-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	0ace2708f46b714191b3e7c8f471a013092b2be3a57f9f444cb156bd95a8a09d	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	0ace2708f46b714191b3e7c8f471a013092b2be3a57f9f444cb156bd95a8a09d	-	ol9_x86_64_u6_baseos_patch
	kernel-debug-modules-core-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	726a4e35f7f24bf88ffce14ac49338e087ade316d64d26123d555189f812529e	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-core-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	726a4e35f7f24bf88ffce14ac49338e087ade316d64d26123d555189f812529e	-	ol9_x86_64_u6_baseos_patch
	kernel-debug-modules-extra-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	fde7740d92878f10d5549a999367609dec9608b19f4435687fceec0792b533ff	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-extra-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	fde7740d92878f10d5549a999367609dec9608b19f4435687fceec0792b533ff	-	ol9_x86_64_u6_baseos_patch
	kernel-debug-uki-virt-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	a62a9ae6109057b834f81dd152225ab87a904ded7405e04309cad16553e38d04	-	ol9_x86_64_baseos_latest
	kernel-debug-uki-virt-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	a62a9ae6109057b834f81dd152225ab87a904ded7405e04309cad16553e38d04	-	ol9_x86_64_u6_baseos_patch
	kernel-devel-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	2049322c600839309047c1d848454a8216e3e5af6b5780c0c7c4c638c053833a	-	ol9_x86_64_appstream
	kernel-devel-matched-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	e66348d0f87e80c5c27211a272cc1334b81ffd448679ef60339573d36834ebc9	-	ol9_x86_64_appstream
	kernel-doc-5.14.0-570.39.1.0.1.el9_6.noarch.rpm	03e5b8c2a27480dc69253df54ccee3db6c80b905a2e863b2e01cbf047b666337	-	ol9_x86_64_appstream
	kernel-headers-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	f02d2027b31149b4c1e3cada3b50264e0a8a4cac4949bf433514702bee7d1301	-	ol9_x86_64_appstream
	kernel-modules-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	292c5eea5a70d5a254724330438ada8a7cffb958b0458948b8566d89f006143f	-	ol9_x86_64_baseos_latest
	kernel-modules-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	292c5eea5a70d5a254724330438ada8a7cffb958b0458948b8566d89f006143f	-	ol9_x86_64_u6_baseos_patch
	kernel-modules-core-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	3f52d6cde7b862b4b2cde80a627defa812e62f2e0bc725c9e7e6e668018aa623	-	ol9_x86_64_baseos_latest
	kernel-modules-core-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	3f52d6cde7b862b4b2cde80a627defa812e62f2e0bc725c9e7e6e668018aa623	-	ol9_x86_64_u6_baseos_patch
	kernel-modules-extra-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	7c988f394d65760d51fa9322f16c0b7991716b8db4f9083edad0e0fa2efd1ddc	-	ol9_x86_64_baseos_latest
	kernel-modules-extra-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	7c988f394d65760d51fa9322f16c0b7991716b8db4f9083edad0e0fa2efd1ddc	-	ol9_x86_64_u6_baseos_patch
	kernel-tools-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	4d7ae349c86645a5e420baab955ae8ecd2446fe25ef3c1c7882e3c1e054b1977	-	ol9_x86_64_baseos_latest
	kernel-tools-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	4d7ae349c86645a5e420baab955ae8ecd2446fe25ef3c1c7882e3c1e054b1977	-	ol9_x86_64_u6_baseos_patch
	kernel-tools-libs-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	5d2924bc96e5e0fc80d383e7889aa32a985f70375cc29e36ab7f40099df652a2	-	ol9_x86_64_baseos_latest
	kernel-tools-libs-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	5d2924bc96e5e0fc80d383e7889aa32a985f70375cc29e36ab7f40099df652a2	-	ol9_x86_64_u6_baseos_patch
	kernel-tools-libs-devel-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	93ac2e29919861e584f3df89d467df48975bdb625ad5c5b8c0a9cf01d91091e4	-	ol9_x86_64_codeready_builder
	kernel-uki-virt-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	4322824a51e7d347cd23ff16dc32061b0d08d71281486c80b7d8f83d5e760ccc	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	4322824a51e7d347cd23ff16dc32061b0d08d71281486c80b7d8f83d5e760ccc	-	ol9_x86_64_u6_baseos_patch
	kernel-uki-virt-addons-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	fd035c5d90043fce3408825e462dc95a54b88d7f6479d5ed4508a2f20ae6c485	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-addons-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	fd035c5d90043fce3408825e462dc95a54b88d7f6479d5ed4508a2f20ae6c485	-	ol9_x86_64_u6_baseos_patch
	libperf-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	7e0f46875eb88ebb67b1a501a558042727c9decb5873e2b36e01cef6baba83fd	-	ol9_x86_64_codeready_builder
	perf-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	3b11440129c4316b3ccf51524654b7af2fd2039a6351e21a683c375be00107fc	-	ol9_x86_64_appstream
	python3-perf-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	3d471a4aaf7b75df26d39e25ee41f258e8ea077dc04a122a799d7e87cf67e553	-	ol9_x86_64_baseos_latest
	python3-perf-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	3d471a4aaf7b75df26d39e25ee41f258e8ea077dc04a122a799d7e87cf67e553	-	ol9_x86_64_u6_baseos_patch
	rtla-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	3ab063b2ec87c5a6247e3f31711900e404ee84013b0787338351e2995109eeb6	-	ol9_x86_64_appstream
	rv-5.14.0-570.39.1.0.1.el9_6.x86_64.rpm	6f8d80cbe887c0918e1e9854c8b68ae6c094e60a8b0e0848e986ca1871d4e65e	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691