ELSA-2025-22854

ULN >
Oracle Linux Errata repository >
ELSA-2025-22854

ELSA-2025-22854 - kernel security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2025-12-08

Description

[6.12.0-124.20.1]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Update module name for cryptographic module [Orabug: 37400433]
- Clean git history at setup stage

[6.12.0-124.20.1]
- iommu/vt-d: Disallow dirty tracking if incoherent page walk (CKI Backport Bot) [RHEL-125482] {CVE-2025-40058}
- net/mlx5: fs, fix UAF in flow counter release (Michal Schmidt) [RHEL-124432] {CVE-2025-39979}
- dpll: zl3073x: Fix output pin registration (Ivan Vecera) [RHEL-114795]
- dpll: zl3073x: Handle missing or corrupted flash configuration (Ivan Vecera) [RHEL-114795]
- dpll: zl3073x: Refactor DPLL initialization (Ivan Vecera) [RHEL-114795]
- dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET (Ivan Vecera) [RHEL-114795]
- dpll: Make ZL3073X invisible (Ivan Vecera) [RHEL-114795]
- dpll: zl3073x: Fix build failure (Ivan Vecera) [RHEL-114795]
- redhat/configs: enable CONFIG_ZL3073X* (Ivan Vecera) [RHEL-114795]
- redhat/configs: enable CONFIG_I2C_MUX_PCA954x on x86 (Ivan Vecera) [RHEL-114795]
- dpll: zl3073x: Add support to get fractional frequency offset (Ivan Vecera) [RHEL-114795]
- dpll: zl3073x: Add support to adjust phase (Ivan Vecera) [RHEL-114795]
- dpll: zl3073x: Implement phase offset monitor feature (Ivan Vecera) [RHEL-114795]
- dpll: zl3073x: Add support to get phase offset on connected input pin (Ivan Vecera) [RHEL-114795]
- dpll: zl3073x: Add support to get/set esync on pins (Ivan Vecera) [RHEL-114795]
- dpll: zl3073x: Add support to get/set frequency on pins (Ivan Vecera) [RHEL-114795]
- dpll: zl3073x: Implement input pin state setting in automatic mode (Ivan Vecera) [RHEL-114795]
- dpll: zl3073x: Add support to get/set priority on input pins (Ivan Vecera) [RHEL-114795]
- dpll: zl3073x: Implement input pin selection in manual mode (Ivan Vecera) [RHEL-114795]
- dpll: zl3073x: Register DPLL devices and pins (Ivan Vecera) [RHEL-114795]
- dpll: zl3073x: Read DPLL types and pin properties from system firmware (Ivan Vecera) [RHEL-114795]
- dpll: zl3073x: Fetch invariants during probe (Ivan Vecera) [RHEL-114795]
- dpll: Add basic Microchip ZL3073x support (Ivan Vecera) [RHEL-114795]
- dt-bindings: dpll: Add support for Microchip Azurite chip family (Ivan Vecera) [RHEL-114795]
- dt-bindings: dpll: Add DPLL device and pin (Ivan Vecera) [RHEL-114795]
- idpf: set mac type when adding and removing MAC filters (CKI Backport Bot) [RHEL-123372]
- crypto: ccp - Always pass in an error pointer to __sev_platform_shutdown_locked() (Lenny Szubowicz) [RHEL-76557]
- crypto: ccp - Fix SNP panic notifier unregistration (Lenny Szubowicz) [RHEL-76557]
- crypto: ccp - Fix dereferencing uninitialized error pointer (Lenny Szubowicz) [RHEL-76557]
- crypto: ccp - Fix __sev_snp_shutdown_locked (Lenny Szubowicz) [RHEL-76557]
- crypto: ccp - Move SEV/SNP Platform initialization to KVM (Lenny Szubowicz) [RHEL-76557]
- KVM: SVM: Add support to initialize SEV/SNP functionality in KVM (Lenny Szubowicz) [RHEL-76557]
- crypto: ccp - Add new SEV/SNP platform shutdown API (Lenny Szubowicz) [RHEL-76557]
- crypto: ccp - Register SNP panic notifier only if SNP is enabled (Lenny Szubowicz) [RHEL-76557]
- crypto: ccp - Reset TMR size at SNP Shutdown (Lenny Szubowicz) [RHEL-76557]
- crypto: ccp - Ensure implicit SEV/SNP init and shutdown in ioctls (Lenny Szubowicz) [RHEL-76557]
- crypto: ccp - Move dev_info/err messages for SEV/SNP init and shutdown (Lenny Szubowicz) [RHEL-76557]
- crypto: ccp - Abort doing SEV INIT if SNP INIT fails (Lenny Szubowicz) [RHEL-76557]
- s390/pci: Do not try re-enabling load/store if device is disabled (CKI Backport Bot) [RHEL-114448]
- s390/pci: Fix stale function handles in error handling (CKI Backport Bot) [RHEL-114448]

[6.12.0-124.19.1]
- Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete (CKI Backport Bot) [RHEL-122901] {CVE-2025-39981}
- Bluetooth: MGMT: Fix sparse errors (CKI Backport Bot) [RHEL-122901] {CVE-2025-39981}
- Bluetooth: MGMT: Fix possible UAFs (CKI Backport Bot) [RHEL-122901] {CVE-2025-39981}
- Bluetooth: hci_sync: fix set_local_name race condition (CKI Backport Bot) [RHEL-122901] {CVE-2025-39981}
- Bluetooth: MGMT: set_mesh: update LE scan interval and window (CKI Backport Bot) [RHEL-122901] {CVE-2025-39981}
- Bluetooth: MGMT: Protect mgmt_pending list with its own lock (CKI Backport Bot) [RHEL-122901] {CVE-2025-39981}
- Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete (CKI Backport Bot) [RHEL-122901] {CVE-2025-39981}
- Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue (CKI Backport Bot) [RHEL-124134] {CVE-2025-39983}
- can: j1939: add missing calls in NETDEV_UNREGISTER notification handler (CKI Backport Bot) [RHEL-124110] {CVE-2025-39925}
- can: j1939: implement NETDEV_UNREGISTER notification handler (CKI Backport Bot) [RHEL-124110] {CVE-2025-39925}
- Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (CKI Backport Bot) [RHEL-123824] {CVE-2025-39982}

[6.12.0-124.18.1]
- ice: ice_adapter: release xa entry on adapter allocation failure (CKI Backport Bot) [RHEL-128472] {CVE-2025-40185}
- cifs: Fix oops due to uninitialised variable (CKI Backport Bot) [RHEL-120562] {CVE-2025-38737}

[6.12.0-124.17.1]
- x86/hyperv: Fix kdump on Azure CVMs (Li Tian) [RHEL-129777]
- tunnels: reset the GSO metadata before reusing the skb (Antoine Tenart) [RHEL-113919]
- io_uring/waitid: always prune wait queue entry in io_waitid_wait() (CKI Backport Bot) [RHEL-124974] {CVE-2025-40047}

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 10 (aarch64)	kernel-6.12.0-124.20.1.el10_1.src.rpm	32d55d9242d80ba0fc4f0bc5eea496f86595947fb45dbd4161f9dab26ef03ac1	-	ol10_aarch64_appstream
	kernel-6.12.0-124.20.1.el10_1.src.rpm	32d55d9242d80ba0fc4f0bc5eea496f86595947fb45dbd4161f9dab26ef03ac1	-	ol10_aarch64_baseos_latest
	kernel-6.12.0-124.20.1.el10_1.src.rpm	32d55d9242d80ba0fc4f0bc5eea496f86595947fb45dbd4161f9dab26ef03ac1	-	ol10_aarch64_codeready_builder
	kernel-6.12.0-124.20.1.el10_1.src.rpm	32d55d9242d80ba0fc4f0bc5eea496f86595947fb45dbd4161f9dab26ef03ac1	-	ol10_aarch64_u1_baseos_patch
	kernel-cross-headers-6.12.0-124.20.1.el10_1.aarch64.rpm	c323edb4f10233c85c3b162da755cbac1e796c03b3aca0cc8ce938d235ba8987	-	ol10_aarch64_codeready_builder
	kernel-headers-6.12.0-124.20.1.el10_1.aarch64.rpm	1f4fa5643dde31c2ddd122317bc93894e3c52c10c80b3b16c0090aeed4307ccc	-	ol10_aarch64_appstream
	kernel-tools-6.12.0-124.20.1.el10_1.aarch64.rpm	4cab8f53d6b061df50fdd7bbecf16fd07d2298a92e1cf7732981041d18306cda	-	ol10_aarch64_baseos_latest
	kernel-tools-6.12.0-124.20.1.el10_1.aarch64.rpm	4cab8f53d6b061df50fdd7bbecf16fd07d2298a92e1cf7732981041d18306cda	-	ol10_aarch64_u1_baseos_patch
	kernel-tools-libs-6.12.0-124.20.1.el10_1.aarch64.rpm	7a6460c2eeba7e479727384fe322cfdaf06d7a57855e50124216044d7e3a85da	-	ol10_aarch64_baseos_latest
	kernel-tools-libs-6.12.0-124.20.1.el10_1.aarch64.rpm	7a6460c2eeba7e479727384fe322cfdaf06d7a57855e50124216044d7e3a85da	-	ol10_aarch64_u1_baseos_patch
	kernel-tools-libs-devel-6.12.0-124.20.1.el10_1.aarch64.rpm	1212391c9624798d99bb77727a5c87b8bcd2f3344d406858c200a5f186ab01df	-	ol10_aarch64_codeready_builder
	libperf-6.12.0-124.20.1.el10_1.aarch64.rpm	e6fb77144e9f56bcb52591e37315f3ac0e1fdbc10238bec28bd9b8ef86ac46af	-	ol10_aarch64_codeready_builder
	perf-6.12.0-124.20.1.el10_1.aarch64.rpm	5b130f248b9b28dae15c081f687ca12ec993a2c3fe73469e531fabd7fdf9e315	-	ol10_aarch64_appstream
	python3-perf-6.12.0-124.20.1.el10_1.aarch64.rpm	f62b73068cb745cdf1682e1ad617e36cd634a014dd058568d95cd6bfc217ef80	-	ol10_aarch64_appstream
	rtla-6.12.0-124.20.1.el10_1.aarch64.rpm	5eb2898b0652d823d8bf9fa118989dfcf2c762d607f5a105cc15e5efced862e3	-	ol10_aarch64_appstream
	rv-6.12.0-124.20.1.el10_1.aarch64.rpm	531fe61a3829bfc3275cd825965395e14b1380fc85a98eb25de724748dfb3475	-	ol10_aarch64_appstream

Oracle Linux 10 (x86_64)	kernel-6.12.0-124.20.1.el10_1.src.rpm	32d55d9242d80ba0fc4f0bc5eea496f86595947fb45dbd4161f9dab26ef03ac1	-	ol10_x86_64_appstream
	kernel-6.12.0-124.20.1.el10_1.src.rpm	32d55d9242d80ba0fc4f0bc5eea496f86595947fb45dbd4161f9dab26ef03ac1	-	ol10_x86_64_baseos_latest
	kernel-6.12.0-124.20.1.el10_1.src.rpm	32d55d9242d80ba0fc4f0bc5eea496f86595947fb45dbd4161f9dab26ef03ac1	-	ol10_x86_64_codeready_builder
	kernel-6.12.0-124.20.1.el10_1.src.rpm	32d55d9242d80ba0fc4f0bc5eea496f86595947fb45dbd4161f9dab26ef03ac1	-	ol10_x86_64_u1_baseos_patch
	kernel-6.12.0-124.20.1.el10_1.x86_64.rpm	6b68db887c574d8f2ff4541b84cf4344d4452260d2bf37d4f6fafabaddcca720	-	ol10_x86_64_baseos_latest
	kernel-6.12.0-124.20.1.el10_1.x86_64.rpm	6b68db887c574d8f2ff4541b84cf4344d4452260d2bf37d4f6fafabaddcca720	-	ol10_x86_64_u1_baseos_patch
	kernel-abi-stablelists-6.12.0-124.20.1.el10_1.noarch.rpm	3130aa955a25b7b3e8b924671c0a00b8f3258da7b0785cc98588a2ecf42ba44c	-	ol10_x86_64_baseos_latest
	kernel-abi-stablelists-6.12.0-124.20.1.el10_1.noarch.rpm	3130aa955a25b7b3e8b924671c0a00b8f3258da7b0785cc98588a2ecf42ba44c	-	ol10_x86_64_u1_baseos_patch
	kernel-core-6.12.0-124.20.1.el10_1.x86_64.rpm	72e2959f8554fb12d0838ca901a2fabd855b58b51059ba3ea24c9c5e841be6cb	-	ol10_x86_64_baseos_latest
	kernel-core-6.12.0-124.20.1.el10_1.x86_64.rpm	72e2959f8554fb12d0838ca901a2fabd855b58b51059ba3ea24c9c5e841be6cb	-	ol10_x86_64_u1_baseos_patch
	kernel-cross-headers-6.12.0-124.20.1.el10_1.x86_64.rpm	ae8f689684de124b6541923d30ad622c165eb82722aa6f38d8964bd55b7d080a	-	ol10_x86_64_codeready_builder
	kernel-debug-6.12.0-124.20.1.el10_1.x86_64.rpm	d118149af37434c5aa5a2aa123fcc421f66529cca75a77e5ca80a62333043b67	-	ol10_x86_64_baseos_latest
	kernel-debug-6.12.0-124.20.1.el10_1.x86_64.rpm	d118149af37434c5aa5a2aa123fcc421f66529cca75a77e5ca80a62333043b67	-	ol10_x86_64_u1_baseos_patch
	kernel-debug-core-6.12.0-124.20.1.el10_1.x86_64.rpm	fb054af6280f2adf9c18398787b08fa3b12f111b391954187746bd759da65a5e	-	ol10_x86_64_baseos_latest
	kernel-debug-core-6.12.0-124.20.1.el10_1.x86_64.rpm	fb054af6280f2adf9c18398787b08fa3b12f111b391954187746bd759da65a5e	-	ol10_x86_64_u1_baseos_patch
	kernel-debug-devel-6.12.0-124.20.1.el10_1.x86_64.rpm	441957564ca72fa1c08e23373355c7563033702de8871265654afd8c940ed34f	-	ol10_x86_64_appstream
	kernel-debug-devel-matched-6.12.0-124.20.1.el10_1.x86_64.rpm	dad041966d751b73466ea206e702432c163522b1192d28bdcb4eb05681158e0d	-	ol10_x86_64_appstream
	kernel-debug-modules-6.12.0-124.20.1.el10_1.x86_64.rpm	e480205be4c3b682020a28529e03cab4c38a32ebb586cac1dc45c14f028eb213	-	ol10_x86_64_baseos_latest
	kernel-debug-modules-6.12.0-124.20.1.el10_1.x86_64.rpm	e480205be4c3b682020a28529e03cab4c38a32ebb586cac1dc45c14f028eb213	-	ol10_x86_64_u1_baseos_patch
	kernel-debug-modules-core-6.12.0-124.20.1.el10_1.x86_64.rpm	2d6f0eb007c3ea19c3203ea710cc5542f0e66bb661abd4fa06099f1809443477	-	ol10_x86_64_baseos_latest
	kernel-debug-modules-core-6.12.0-124.20.1.el10_1.x86_64.rpm	2d6f0eb007c3ea19c3203ea710cc5542f0e66bb661abd4fa06099f1809443477	-	ol10_x86_64_u1_baseos_patch
	kernel-debug-modules-extra-6.12.0-124.20.1.el10_1.x86_64.rpm	8f8063dd4f97269d0201e520b0f016a850b6d2a664fb3688b41e10d1dd0952b3	-	ol10_x86_64_baseos_latest
	kernel-debug-modules-extra-6.12.0-124.20.1.el10_1.x86_64.rpm	8f8063dd4f97269d0201e520b0f016a850b6d2a664fb3688b41e10d1dd0952b3	-	ol10_x86_64_u1_baseos_patch
	kernel-debug-uki-virt-6.12.0-124.20.1.el10_1.x86_64.rpm	e47b131393fc76144d7466b0325d52d9227a71653c056bda289148eed707a04e	-	ol10_x86_64_baseos_latest
	kernel-debug-uki-virt-6.12.0-124.20.1.el10_1.x86_64.rpm	e47b131393fc76144d7466b0325d52d9227a71653c056bda289148eed707a04e	-	ol10_x86_64_u1_baseos_patch
	kernel-devel-6.12.0-124.20.1.el10_1.x86_64.rpm	e0bfe345b20acafa507cac0525090e5df1ac25e57adbffdabe0b94be03c51052	-	ol10_x86_64_appstream
	kernel-devel-matched-6.12.0-124.20.1.el10_1.x86_64.rpm	ddb0d425f406fd3721a8a2f500d22024cc364c599edc630d3dc6524ec6901d82	-	ol10_x86_64_appstream
	kernel-doc-6.12.0-124.20.1.el10_1.noarch.rpm	b5edb0af3d783f944145d5eb525f3468e935c457d9c43ce45b0080b7d145da1e	-	ol10_x86_64_appstream
	kernel-headers-6.12.0-124.20.1.el10_1.x86_64.rpm	705a7ebdfaba968373ff5b38d6aa0915acda0c37786051d28ae456adbbc09bae	-	ol10_x86_64_appstream
	kernel-modules-6.12.0-124.20.1.el10_1.x86_64.rpm	2abdc0f69e51db9030aa95ab3fa11cc3c408f9669cddd9194659ecc7ad0e369a	-	ol10_x86_64_baseos_latest
	kernel-modules-6.12.0-124.20.1.el10_1.x86_64.rpm	2abdc0f69e51db9030aa95ab3fa11cc3c408f9669cddd9194659ecc7ad0e369a	-	ol10_x86_64_u1_baseos_patch
	kernel-modules-core-6.12.0-124.20.1.el10_1.x86_64.rpm	4e95bc23de19702633173d96939051b7d69814d85cac91e9ec920656c9f6fbe1	-	ol10_x86_64_baseos_latest
	kernel-modules-core-6.12.0-124.20.1.el10_1.x86_64.rpm	4e95bc23de19702633173d96939051b7d69814d85cac91e9ec920656c9f6fbe1	-	ol10_x86_64_u1_baseos_patch
	kernel-modules-extra-6.12.0-124.20.1.el10_1.x86_64.rpm	ba56926caedf148570d1c83d1a205d53d92abc9aedf92daae8c86e3053037871	-	ol10_x86_64_baseos_latest
	kernel-modules-extra-6.12.0-124.20.1.el10_1.x86_64.rpm	ba56926caedf148570d1c83d1a205d53d92abc9aedf92daae8c86e3053037871	-	ol10_x86_64_u1_baseos_patch
	kernel-modules-extra-matched-6.12.0-124.20.1.el10_1.x86_64.rpm	866e8bc4456067bc6a3ab84584c4e60c8c11269fb690cc61556ea2245e99c287	-	ol10_x86_64_baseos_latest
	kernel-modules-extra-matched-6.12.0-124.20.1.el10_1.x86_64.rpm	866e8bc4456067bc6a3ab84584c4e60c8c11269fb690cc61556ea2245e99c287	-	ol10_x86_64_u1_baseos_patch
	kernel-tools-6.12.0-124.20.1.el10_1.x86_64.rpm	f7c1aa1fdd0ba1dca1ee953dd5b6ea129baa10f8375c732a34230d3369704f9d	-	ol10_x86_64_baseos_latest
	kernel-tools-6.12.0-124.20.1.el10_1.x86_64.rpm	f7c1aa1fdd0ba1dca1ee953dd5b6ea129baa10f8375c732a34230d3369704f9d	-	ol10_x86_64_u1_baseos_patch
	kernel-tools-libs-6.12.0-124.20.1.el10_1.x86_64.rpm	765a849c24833b843f2e64c82066dfafca49188dc1594823401daad4907d67d1	-	ol10_x86_64_baseos_latest
	kernel-tools-libs-6.12.0-124.20.1.el10_1.x86_64.rpm	765a849c24833b843f2e64c82066dfafca49188dc1594823401daad4907d67d1	-	ol10_x86_64_u1_baseos_patch
	kernel-tools-libs-devel-6.12.0-124.20.1.el10_1.x86_64.rpm	0c7e325120964abda8d638e72e1f8d037ac355acef81bb24b17a3a7f9c96cccf	-	ol10_x86_64_codeready_builder
	kernel-uki-virt-6.12.0-124.20.1.el10_1.x86_64.rpm	4e2bbf0630c7ff9699d691492a570b0a8f205709874267d0a3db8a79f4fb6f50	-	ol10_x86_64_baseos_latest
	kernel-uki-virt-6.12.0-124.20.1.el10_1.x86_64.rpm	4e2bbf0630c7ff9699d691492a570b0a8f205709874267d0a3db8a79f4fb6f50	-	ol10_x86_64_u1_baseos_patch
	kernel-uki-virt-addons-6.12.0-124.20.1.el10_1.x86_64.rpm	b36511ad3fb5c3554a0a6a8069402adfd2e76fd9007889617953d238fdbb2392	-	ol10_x86_64_baseos_latest
	kernel-uki-virt-addons-6.12.0-124.20.1.el10_1.x86_64.rpm	b36511ad3fb5c3554a0a6a8069402adfd2e76fd9007889617953d238fdbb2392	-	ol10_x86_64_u1_baseos_patch
	libperf-6.12.0-124.20.1.el10_1.x86_64.rpm	b713271e45bc961fe3006bbfe8855bf11b1b3c9906c79be6604b7ee53eeca01d	-	ol10_x86_64_codeready_builder
	perf-6.12.0-124.20.1.el10_1.x86_64.rpm	6425f63115acf606f33efcd8f2c4d7b5c2b806b459cc77c2841acbfda59e7ee9	-	ol10_x86_64_appstream
	python3-perf-6.12.0-124.20.1.el10_1.x86_64.rpm	6f978b807859d1281d248579f89c6da2c4a4b909c8e75958a41408d7baedce2e	-	ol10_x86_64_appstream
	rtla-6.12.0-124.20.1.el10_1.x86_64.rpm	46927eab85b2479a75664f279ab50dc12b7284f2e1e4ce9af151a37ff1688fb7	-	ol10_x86_64_appstream
	rv-6.12.0-124.20.1.el10_1.x86_64.rpm	129c52162f657e8b895ec07176e9f8d5bb210b6f26dae906cf4d08944221d12a	-	ol10_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691