ELSA-2025-0059

ELSA-2025-0059 - kernel security update

Type: SECURITY
Impact: IMPORTANT
Release Date: 2025-01-10

Description


[5.14.0-503.21.1_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-503.21.1_5]
- mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (CKI Backport Bot) [RHEL-66899] {CVE-2024-50252}
- CVE-2024-53122 mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (Patrick Talbert) [RHEL-70083 RHEL-69670] {CVE-2024-53122}
- mm: make show_free_areas() static (Aristeu Rozanski) [RHEL-66998 RHEL-27743]
- mm: remove arguments of show_mem() (Aristeu Rozanski) [RHEL-66998 RHEL-27743]
- KVM: s390: Change virtual to physical address access in diag 0x258 handler (Thomas Huth) [RHEL-67922 RHEL-65229]
- KVM: s390: gaccess: Check if guest address is in memslot (Thomas Huth) [RHEL-67922 RHEL-65229]
- KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (Thomas Huth) [RHEL-67922 RHEL-65229]
- s390/uv: Panic for set and remove shared access UVC errors (Thomas Huth) [RHEL-67922 RHEL-65229]
- KVM: s390: remove useless include (Thomas Huth) [RHEL-67922 RHEL-65229]
- s390/mm: Re-enable the shared zeropage for !PV and !skeys KVM guests (Thomas Huth) [RHEL-67922 RHEL-65229]
- mm/userfaultfd: Do not place zeropages when zeropages are disallowed (Thomas Huth) [RHEL-67922 RHEL-65229]
- s390: allow pte_offset_map_lock() to fail (Thomas Huth) [RHEL-67922 RHEL-54248]
- KVM: s390: vsie: Use virt_to_phys for crypto control block (Thomas Huth) [RHEL-67922 RHEL-65229]
- KVM: s390: vsie: Use virt_to_phys for facility control block (Thomas Huth) [RHEL-67922 RHEL-65229]
- gfs2: Prevent inode creation race (Andreas Gruenbacher) [RHEL-68137 RHEL-68102]
- gfs2: Only defer deletes when we have an iopen glock (Andreas Gruenbacher) [RHEL-68137 RHEL-68102]
- gfs2: Randomize GLF_VERIFY_DELETE work delay (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Use mod_delayed_work in gfs2_queue_try_to_evict (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Update to the evict / remote delete documentation (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Call gfs2_queue_verify_delete from gfs2_evict_inode (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Clean up delete work processing (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Minor delete_work_func cleanup (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Return enum evict_behavior from gfs2_upgrade_iopen_glock (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Rename dinode_demise to evict_behavior (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Faster gfs2_upgrade_iopen_glock wakeups (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Fix unlinked inode cleanup (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Allow immediate GLF_VERIFY_DELETE work (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Initialize gl_no_formal_ino earlier (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Rename GLF_VERIFY_EVICT to GLF_VERIFY_DELETE (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: make timeout values more explicit (Wolfram Sang) [RHEL-62105 RHEL-60945]
- gfs2: Simplify function gfs2_upgrade_iopen_glock (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- gfs2: Rename SDF_DEACTIVATING to SDF_KILL (Andreas Gruenbacher) [RHEL-62105 RHEL-60945]
- smb: client: fix use-after-free of signing key (Jay Shin) [RHEL-69306 RHEL-66206]
- net/iucv: fix use after free in iucv_sock_close() (Mete Durlu) [RHEL-60300 RHEL-53992]
- KVM: arm64: Ensure vgic_ready() is ordered against MMIO registration (CKI Backport Bot) [RHEL-70294]

[5.14.0-503.20.1_5]
- bnxt_en: Add support for user configured RSS key (Michal Schmidt) [RHEL-68699 RHEL-54645]
- bnxt_en: Add function to calculate Toeplitz hash (Michal Schmidt) [RHEL-68699 RHEL-54645]
- kvm: Note an RCU quiescent state on guest exit (Leonardo Bras) [RHEL-65734 RHEL-20288]
- rcu: Add rcutree.nohz_full_patience_delay to reduce nohz_full OS jitter (Leonardo Bras) [RHEL-65734 RHEL-20288]
- context_tracking: Fix KCSAN noinstr violation (Leonardo Bras) [RHEL-65734 RHEL-20288]
- perf/aux: Fix AUX buffer serialization (Michael Petlan) [RHEL-67495] {CVE-2024-46713}
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (Mohammad Heib) [RHEL-66669 RHEL-52759] {CVE-2024-50208}


Related CVEs


CVE-2024-50208
CVE-2024-50252
CVE-2024-46713
CVE-2024-53122

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| --- | --- | --- | --- | --- |
| Oracle Linux 9 (aarch64) | kernel-5.14.0-503.21.1.el9_5.src.rpm | 586f0297fcf05163f6c2c5c7589739e37362fea43d4f9fc4f294028314a4dd17 | - | ol9_aarch64_appstream |
| | kernel-5.14.0-503.21.1.el9_5.src.rpm | 586f0297fcf05163f6c2c5c7589739e37362fea43d4f9fc4f294028314a4dd17 | - | ol9_aarch64_baseos_latest |
| | kernel-5.14.0-503.21.1.el9_5.src.rpm | 586f0297fcf05163f6c2c5c7589739e37362fea43d4f9fc4f294028314a4dd17 | - | ol9_aarch64_codeready_builder |
| | kernel-5.14.0-503.21.1.el9_5.src.rpm | 586f0297fcf05163f6c2c5c7589739e37362fea43d4f9fc4f294028314a4dd17 | - | ol9_aarch64_u5_baseos_patch |
| | bpftool-7.4.0-503.21.1.el9_5.aarch64.rpm | 138a7df86fac82e20e7b61e7133411cbb868619226b53db71e71e639a74e0970 | - | ol9_aarch64_baseos_latest |
| | bpftool-7.4.0-503.21.1.el9_5.aarch64.rpm | 138a7df86fac82e20e7b61e7133411cbb868619226b53db71e71e639a74e0970 | - | ol9_aarch64_u5_baseos_patch |
| | kernel-cross-headers-5.14.0-503.21.1.el9_5.aarch64.rpm | a4482fbcef8d24736b9a548df2a21872303e7973a8f32ba25073e2e721cd3884 | - | ol9_aarch64_codeready_builder |
| | kernel-headers-5.14.0-503.21.1.el9_5.aarch64.rpm | bd757fd59987b08797c6cd467aed32cda3eb4816fe9e9d453cc822eb8dbccf10 | - | ol9_aarch64_appstream |
| | kernel-tools-5.14.0-503.21.1.el9_5.aarch64.rpm | 26ce6e9c2ba79b118618e54ae1559307dbc6d93f17495b5e8afb364ed98ea64d | - | ol9_aarch64_baseos_latest |
| | kernel-tools-5.14.0-503.21.1.el9_5.aarch64.rpm | 26ce6e9c2ba79b118618e54ae1559307dbc6d93f17495b5e8afb364ed98ea64d | - | ol9_aarch64_u5_baseos_patch |
| | kernel-tools-libs-5.14.0-503.21.1.el9_5.aarch64.rpm | 50cd9eb181c2cc7d85ec7e358fe703a3a3f957b31c98ce8c9b53716a3c404919 | - | ol9_aarch64_baseos_latest |
| | kernel-tools-libs-5.14.0-503.21.1.el9_5.aarch64.rpm | 50cd9eb181c2cc7d85ec7e358fe703a3a3f957b31c98ce8c9b53716a3c404919 | - | ol9_aarch64_u5_baseos_patch |
| | kernel-tools-libs-devel-5.14.0-503.21.1.el9_5.aarch64.rpm | f0334d5146820f2ed87f9a33a5e2f5637ff64be13f10e98cea4e5bd322d2a5b4 | - | ol9_aarch64_codeready_builder |
| | perf-5.14.0-503.21.1.el9_5.aarch64.rpm | 0e416a2576dcddadd66e848869ee4db572c5127facc76232d11cc6f70098adf5 | - | ol9_aarch64_appstream |
| | python3-perf-5.14.0-503.21.1.el9_5.aarch64.rpm | 72ce57e0fe403f2edfb1d80addd892220a29adfb828dc4112ac5b746d3d8ef74 | - | ol9_aarch64_baseos_latest |
| | python3-perf-5.14.0-503.21.1.el9_5.aarch64.rpm | 72ce57e0fe403f2edfb1d80addd892220a29adfb828dc4112ac5b746d3d8ef74 | - | ol9_aarch64_u5_baseos_patch |
| | rtla-5.14.0-503.21.1.el9_5.aarch64.rpm | 707c81c927023d41002544e1e4bf2513cf470e64ca3ecc6ecab917e499dad120 | - | ol9_aarch64_appstream |
| | rv-5.14.0-503.21.1.el9_5.aarch64.rpm | 776a940afdb2bb69a17bb61d2ba895699a2131d01d0cc4f2a1ff2bf2c771a844 | - | ol9_aarch64_appstream |
| Oracle Linux 9 (x86_64) | kernel-5.14.0-503.21.1.el9_5.src.rpm | 586f0297fcf05163f6c2c5c7589739e37362fea43d4f9fc4f294028314a4dd17 | - | ol9_x86_64_appstream |
| | kernel-5.14.0-503.21.1.el9_5.src.rpm | 586f0297fcf05163f6c2c5c7589739e37362fea43d4f9fc4f294028314a4dd17 | - | ol9_x86_64_baseos_latest |
| | kernel-5.14.0-503.21.1.el9_5.src.rpm | 586f0297fcf05163f6c2c5c7589739e37362fea43d4f9fc4f294028314a4dd17 | - | ol9_x86_64_codeready_builder |
| | kernel-5.14.0-503.21.1.el9_5.src.rpm | 586f0297fcf05163f6c2c5c7589739e37362fea43d4f9fc4f294028314a4dd17 | - | ol9_x86_64_u5_baseos_patch |
| | bpftool-7.4.0-503.21.1.el9_5.x86_64.rpm | 5cff8bf227b8870aa9998e24a35cfb2a02e7bba6a8514257b2af0a66b9b81e50 | - | ol9_x86_64_baseos_latest |
| | bpftool-7.4.0-503.21.1.el9_5.x86_64.rpm | 5cff8bf227b8870aa9998e24a35cfb2a02e7bba6a8514257b2af0a66b9b81e50 | - | ol9_x86_64_u5_baseos_patch |
| | kernel-5.14.0-503.21.1.el9_5.x86_64.rpm | b9bc201ecfd0963b61e4f2405298eabdafba7a0b6a6c1f126e1774505322e83b | - | ol9_x86_64_baseos_latest |
| | kernel-5.14.0-503.21.1.el9_5.x86_64.rpm | b9bc201ecfd0963b61e4f2405298eabdafba7a0b6a6c1f126e1774505322e83b | - | ol9_x86_64_u5_baseos_patch |
| | kernel-abi-stablelists-5.14.0-503.21.1.el9_5.noarch.rpm | 405cd35c42b243dc5792b792481e834e8508d41d767114a2f3b55bbe3c3296d5 | - | ol9_x86_64_baseos_latest |
| | kernel-abi-stablelists-5.14.0-503.21.1.el9_5.noarch.rpm | 405cd35c42b243dc5792b792481e834e8508d41d767114a2f3b55bbe3c3296d5 | - | ol9_x86_64_u5_baseos_patch |
| | kernel-core-5.14.0-503.21.1.el9_5.x86_64.rpm | 90d52eb6218d892e02d99f7e409bc288f12dc8e791c985015b561b9f5329ed64 | - | ol9_x86_64_baseos_latest |
| | kernel-core-5.14.0-503.21.1.el9_5.x86_64.rpm | 90d52eb6218d892e02d99f7e409bc288f12dc8e791c985015b561b9f5329ed64 | - | ol9_x86_64_u5_baseos_patch |
| | kernel-cross-headers-5.14.0-503.21.1.el9_5.x86_64.rpm | 6cbd6ba56f48fcc3eb3af0f1d8fd9d58968aeafe6e1d0fb37e06458b89fcf057 | - | ol9_x86_64_codeready_builder |
| | kernel-debug-5.14.0-503.21.1.el9_5.x86_64.rpm | 1454781b74f44238904f87764c99fef30d8ea24c96ca16529bb7a41aa5d4e223 | - | ol9_x86_64_baseos_latest |
| | kernel-debug-5.14.0-503.21.1.el9_5.x86_64.rpm | 1454781b74f44238904f87764c99fef30d8ea24c96ca16529bb7a41aa5d4e223 | - | ol9_x86_64_u5_baseos_patch |
| | kernel-debug-core-5.14.0-503.21.1.el9_5.x86_64.rpm | 73123df1de373150e49017143e66f8a17db850f5b05a4d04eab75a95f1d4fa47 | - | ol9_x86_64_baseos_latest |
| | kernel-debug-core-5.14.0-503.21.1.el9_5.x86_64.rpm | 73123df1de373150e49017143e66f8a17db850f5b05a4d04eab75a95f1d4fa47 | - | ol9_x86_64_u5_baseos_patch |
| | kernel-debug-devel-5.14.0-503.21.1.el9_5.x86_64.rpm | d5cba2fa51401ef18d6cb86fd62fae44a168d49b909744a24a75093d26dd3821 | - | ol9_x86_64_appstream |
| | kernel-debug-devel-matched-5.14.0-503.21.1.el9_5.x86_64.rpm | d4acf9e251614cc6784327ede24b3846519c27d10abb540d564735ad9a73ece5 | - | ol9_x86_64_appstream |
| | kernel-debug-modules-5.14.0-503.21.1.el9_5.x86_64.rpm | 571be554f67388d96d8b3006129234057ba1a187d7666a0efac0c2b58cbb0da8 | - | ol9_x86_64_baseos_latest |
| | kernel-debug-modules-5.14.0-503.21.1.el9_5.x86_64.rpm | 571be554f67388d96d8b3006129234057ba1a187d7666a0efac0c2b58cbb0da8 | - | ol9_x86_64_u5_baseos_patch |
| | kernel-debug-modules-core-5.14.0-503.21.1.el9_5.x86_64.rpm | 9ec0f4b3f4b40233d65ad02fe7edb8bfe624a1217064b7d4b62d8547bd8d8d1d | - | ol9_x86_64_baseos_latest |
| | kernel-debug-modules-core-5.14.0-503.21.1.el9_5.x86_64.rpm | 9ec0f4b3f4b40233d65ad02fe7edb8bfe624a1217064b7d4b62d8547bd8d8d1d | - | ol9_x86_64_u5_baseos_patch |
| | kernel-debug-modules-extra-5.14.0-503.21.1.el9_5.x86_64.rpm | 84cb8771951ddbcf70d2e6bb4e3246adde001e969831ceddba8c0e8f47a711d0 | - | ol9_x86_64_baseos_latest |
| | kernel-debug-modules-extra-5.14.0-503.21.1.el9_5.x86_64.rpm | 84cb8771951ddbcf70d2e6bb4e3246adde001e969831ceddba8c0e8f47a711d0 | - | ol9_x86_64_u5_baseos_patch |
| | kernel-debug-uki-virt-5.14.0-503.21.1.el9_5.x86_64.rpm | 3ee231354491469ea6b6e9c3a073cfb67cae568bd615a55489ba82c08fba6e6d | - | ol9_x86_64_baseos_latest |
| | kernel-debug-uki-virt-5.14.0-503.21.1.el9_5.x86_64.rpm | 3ee231354491469ea6b6e9c3a073cfb67cae568bd615a55489ba82c08fba6e6d | - | ol9_x86_64_u5_baseos_patch |
| | kernel-devel-5.14.0-503.21.1.el9_5.x86_64.rpm | 3e58dae144d97809bdcb7e40a8dbe692d9d61891dde022c542eaf56fe809adf3 | - | ol9_x86_64_appstream |
| | kernel-devel-matched-5.14.0-503.21.1.el9_5.x86_64.rpm | 4ee3ad2051fba257c0775639a1a9e6b2c669516ae5cda26da094e489ab3d20a4 | - | ol9_x86_64_appstream |
| | kernel-doc-5.14.0-503.21.1.el9_5.noarch.rpm | 7f19f82202aa6a4325073c755e200971f3d13d31a59a4df0bf09bde01261a23c | - | ol9_x86_64_appstream |
| | kernel-headers-5.14.0-503.21.1.el9_5.x86_64.rpm | 5db03f454c04f2c643d5b25475c1f76f082cd3a722aff9347cf5e91c0a4779e2 | - | ol9_x86_64_appstream |
| | kernel-modules-5.14.0-503.21.1.el9_5.x86_64.rpm | 58fdc6d41e2041abf88ed17a64000f1c553ab85233f40d60dac7a6548645d776 | - | ol9_x86_64_baseos_latest |
| | kernel-modules-5.14.0-503.21.1.el9_5.x86_64.rpm | 58fdc6d41e2041abf88ed17a64000f1c553ab85233f40d60dac7a6548645d776 | - | ol9_x86_64_u5_baseos_patch |
| | kernel-modules-core-5.14.0-503.21.1.el9_5.x86_64.rpm | b9209af0f1ffd86d434de7650d2e5b8b99a3200462bd71dc20e9906c77fc44bd | - | ol9_x86_64_baseos_latest |
| | kernel-modules-core-5.14.0-503.21.1.el9_5.x86_64.rpm | b9209af0f1ffd86d434de7650d2e5b8b99a3200462bd71dc20e9906c77fc44bd | - | ol9_x86_64_u5_baseos_patch |
| | kernel-modules-extra-5.14.0-503.21.1.el9_5.x86_64.rpm | 53a00ed08dda99e5e6aa2ba256b6a973657a6631d56e82dfc4dac3c62eadc47a | - | ol9_x86_64_baseos_latest |
| | kernel-modules-extra-5.14.0-503.21.1.el9_5.x86_64.rpm | 53a00ed08dda99e5e6aa2ba256b6a973657a6631d56e82dfc4dac3c62eadc47a | - | ol9_x86_64_u5_baseos_patch |
| | kernel-tools-5.14.0-503.21.1.el9_5.x86_64.rpm | 044c8d526791dacdd8fe56b422261049e9dad3526ca47be5a7c17f4c7bcc2016 | - | ol9_x86_64_baseos_latest |
| | kernel-tools-5.14.0-503.21.1.el9_5.x86_64.rpm | 044c8d526791dacdd8fe56b422261049e9dad3526ca47be5a7c17f4c7bcc2016 | - | ol9_x86_64_u5_baseos_patch |
| | kernel-tools-libs-5.14.0-503.21.1.el9_5.x86_64.rpm | 5515be66099c9bed9dfc8a073a6be6348554e192b0bf4f04bf052a41a621928a | - | ol9_x86_64_baseos_latest |
| | kernel-tools-libs-5.14.0-503.21.1.el9_5.x86_64.rpm | 5515be66099c9bed9dfc8a073a6be6348554e192b0bf4f04bf052a41a621928a | - | ol9_x86_64_u5_baseos_patch |
| | kernel-tools-libs-devel-5.14.0-503.21.1.el9_5.x86_64.rpm | e665382221fa8e8e5e8749eafe150c0efcd5c5d6f32c3c60f89b5a2aedab2192 | - | ol9_x86_64_codeready_builder |
| | kernel-uki-virt-5.14.0-503.21.1.el9_5.x86_64.rpm | 2780261bde5db492c528dcc4f73bc546509c749843911d3a09469ddaa40cf495 | - | ol9_x86_64_baseos_latest |
| | kernel-uki-virt-5.14.0-503.21.1.el9_5.x86_64.rpm | 2780261bde5db492c528dcc4f73bc546509c749843911d3a09469ddaa40cf495 | - | ol9_x86_64_u5_baseos_patch |
| | kernel-uki-virt-addons-5.14.0-503.21.1.el9_5.x86_64.rpm | 7beaefcbb90b5abafff1003c82479341e0c2d6ac2581dc84ad2df4775eff64b0 | - | ol9_x86_64_baseos_latest |
| | kernel-uki-virt-addons-5.14.0-503.21.1.el9_5.x86_64.rpm | 7beaefcbb90b5abafff1003c82479341e0c2d6ac2581dc84ad2df4775eff64b0 | - | ol9_x86_64_u5_baseos_patch |
| | libperf-5.14.0-503.21.1.el9_5.x86_64.rpm | 110fe4f6337d0d230814f441339e801e8d061e3bdcdcf081a5206ef34b3be229 | - | ol9_x86_64_codeready_builder |
| | perf-5.14.0-503.21.1.el9_5.x86_64.rpm | 1e62135aa914266b26aa22575f6cbf4a7f491cf18eb1fe7ba9cd774e893c241b | - | ol9_x86_64_appstream |
| | python3-perf-5.14.0-503.21.1.el9_5.x86_64.rpm | 387fd99de4879407095d52617cfece63bd07500666419094f41594d1db39a71e | - | ol9_x86_64_baseos_latest |
| | python3-perf-5.14.0-503.21.1.el9_5.x86_64.rpm | 387fd99de4879407095d52617cfece63bd07500666419094f41594d1db39a71e | - | ol9_x86_64_u5_baseos_patch |
| | rtla-5.14.0-503.21.1.el9_5.x86_64.rpm | 7459feafdcabe08254f4bcffd3571843035dc6abff517bcc53ab2407967c077a | - | ol9_x86_64_appstream |
| | rv-5.14.0-503.21.1.el9_5.x86_64.rpm | c751c94489c036de20f217b752ab011c2d5a7145653b6db0c8c327428b2efa16 | - | ol9_x86_64_appstream |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
