ELSA-2025-0578

ELSA-2025-0578 - kernel security update

Type:SECURITY
Severity:MODERATE
Release Date:2025-01-22

Description


- [5.14.0-503.22.1_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-503.22.1_5]
- [s390] zcore: WRITE is 'data source', not destination... (CKI Backport Bot) [RHEL-63078]
- arm64/sve: Discard stale CPU state when handling SVE traps (Mark Salter) [RHEL-72218] {CVE-2024-50275}
- bpf: Use raw_spinlock_t in ringbuf (Luis Claudio R. Goncalves) [RHEL-68992 RHEL-20608]
- rh_messages.h: un-unmaintain hfi1 (CKI Backport Bot) [RHEL-71322]
- scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (Dick Kennedy) [RHEL-66055 RHEL-53595]
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (Dick Kennedy) [RHEL-66055 RHEL-53595]
- ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Use single token list for the copiers (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Use correct queue_id for requesting input pin format (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Adjust the params based on DAI formats (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Improve readability of sof_ipc4_prepare_dai_copier() (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology/pcm: Rename sof_ipc4_copier_is_single_format() (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Print out the channel count in sof_ipc4_dbg_audio_format (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: support tdm slot number query (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc3-topology: support tdm slot number query (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: sof-audio: add sof_dai_get_tdm_slots function (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: sof-audio: rename dai clock setting query function (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Add support for NHLT with 16-bit only DMIC blob (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Correct DAI copier config and NHLT blob request (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Allow selective update in sof_ipc4_update_hw_params (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: remove shadowed variable (Jaroslav Kysela) [RHEL-62030]
- Revert 'ixgbe: Manual AN-37 for troublesome link partners for X550 SFI' (Ivan Vecera) [RHEL-65624]
- KVM: SVM: Propagate error from snp_guest_req_init() to userspace (Bandan Das) [RHEL-68361 RHEL-65840]
- KVM: SEV: Provide support for SNP_EXTENDED_GUEST_REQUEST NAE event (Bandan Das) [RHEL-68361 RHEL-65840]
- x86/sev: Move sev_guest.h into common SEV header (Bandan Das) [RHEL-68361 RHEL-65840]
- KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event (Bandan Das) [RHEL-68361 RHEL-65840]
- i40e: fix race condition by adding filter's intermediate sync state (CKI Backport Bot) [RHEL-69809] {CVE-2024-53088}
- ice: fix truesize operations for PAGE_SIZE >= 8192 (CKI Backport Bot) [RHEL-70660 RHEL-37905]
- ice: fix ICE_LAST_OFFSET formula (CKI Backport Bot) [RHEL-70660 RHEL-37905]
- ice: fix page reuse when PAGE_SIZE is over 8k (CKI Backport Bot) [RHEL-70660 RHEL-37905]
- nvme-fabrics: handle zero MAXCMD without closing the connection (Maurizio Lombardi) [RHEL-72970]
- selftests: netfilter: add test case for recent mismatch bug (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nf_tables: unconditionally flush pending work before notifier (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nft_set_pipapo_avx2: disable softinterrupts (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nf_set_pipapo: fix initial map fill (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nf_tables: store new sets in dedicated list (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level() (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nft_socket: make cgroupsv2 matching work with namespaces (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nft_socket: fix sk refcount leaks (Florian Westphal) [RHEL-71357 RHEL-60554]
- tcp: Fix use-after-free of nreq in reqsk_timer_handler(). (Guillaume Nault) [RHEL-70541 RHEL-70449]
- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). (Guillaume Nault) [RHEL-66329 RHEL-66328] {CVE-2024-50154}
- rcu: Use system_unbound_wq to avoid disturbing isolated CPUs (Waiman Long) [RHEL-61329 RHEL-50220]
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (Cathy Avery) [RHEL-71393 RHEL-9848]
- scsi: storvsc: Handle additional SRB status values (Cathy Avery) [RHEL-71393 RHEL-9848]


Related CVEs


CVE-2024-50154
CVE-2024-50275
CVE-2024-53088

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) kernel-5.14.0-503.22.1.el9_5.src.rpm494987e3b15bb7e9710e07f964e9b2e0-ol9_aarch64_appstream
kernel-5.14.0-503.22.1.el9_5.src.rpm494987e3b15bb7e9710e07f964e9b2e0-ol9_aarch64_baseos_latest
kernel-5.14.0-503.22.1.el9_5.src.rpm494987e3b15bb7e9710e07f964e9b2e0-ol9_aarch64_codeready_builder
kernel-5.14.0-503.22.1.el9_5.src.rpm494987e3b15bb7e9710e07f964e9b2e0-ol9_aarch64_u5_baseos_patch
bpftool-7.4.0-503.22.1.el9_5.aarch64.rpmf1309f1c4acea0f18a72b2ab34558f2e-ol9_aarch64_baseos_latest
bpftool-7.4.0-503.22.1.el9_5.aarch64.rpmf1309f1c4acea0f18a72b2ab34558f2e-ol9_aarch64_u5_baseos_patch
kernel-cross-headers-5.14.0-503.22.1.el9_5.aarch64.rpme10a4b1e2b40f4f582670611f2d48eb9-ol9_aarch64_codeready_builder
kernel-headers-5.14.0-503.22.1.el9_5.aarch64.rpm03838ec8d4ad072fdee7b2eb421f1bc0-ol9_aarch64_appstream
kernel-tools-5.14.0-503.22.1.el9_5.aarch64.rpm90926de281a016371af9d3ac11280cfc-ol9_aarch64_baseos_latest
kernel-tools-5.14.0-503.22.1.el9_5.aarch64.rpm90926de281a016371af9d3ac11280cfc-ol9_aarch64_u5_baseos_patch
kernel-tools-libs-5.14.0-503.22.1.el9_5.aarch64.rpm0722d3a68e9e79e89d6dabae62e2048a-ol9_aarch64_baseos_latest
kernel-tools-libs-5.14.0-503.22.1.el9_5.aarch64.rpm0722d3a68e9e79e89d6dabae62e2048a-ol9_aarch64_u5_baseos_patch
kernel-tools-libs-devel-5.14.0-503.22.1.el9_5.aarch64.rpm8dcbd32294735cf389e794f2772a7acd-ol9_aarch64_codeready_builder
perf-5.14.0-503.22.1.el9_5.aarch64.rpmc3c9e0fe8c7ec0a869f8d19502271114-ol9_aarch64_appstream
python3-perf-5.14.0-503.22.1.el9_5.aarch64.rpm24ec5104b79d649fb116ac04a3e734a4-ol9_aarch64_baseos_latest
python3-perf-5.14.0-503.22.1.el9_5.aarch64.rpm24ec5104b79d649fb116ac04a3e734a4-ol9_aarch64_u5_baseos_patch
rtla-5.14.0-503.22.1.el9_5.aarch64.rpmaf6fd6dfa1a268137e838a9335244437-ol9_aarch64_appstream
rv-5.14.0-503.22.1.el9_5.aarch64.rpm171eb93a67db0cff83bc3c3de79d0f8e-ol9_aarch64_appstream
Oracle Linux 9 (x86_64) kernel-5.14.0-503.22.1.el9_5.src.rpm494987e3b15bb7e9710e07f964e9b2e0-ol9_x86_64_appstream
kernel-5.14.0-503.22.1.el9_5.src.rpm494987e3b15bb7e9710e07f964e9b2e0-ol9_x86_64_baseos_latest
kernel-5.14.0-503.22.1.el9_5.src.rpm494987e3b15bb7e9710e07f964e9b2e0-ol9_x86_64_codeready_builder
kernel-5.14.0-503.22.1.el9_5.src.rpm494987e3b15bb7e9710e07f964e9b2e0-ol9_x86_64_u5_baseos_patch
bpftool-7.4.0-503.22.1.el9_5.x86_64.rpm23ae08882f640734700b1f9fbdec6451-ol9_x86_64_baseos_latest
bpftool-7.4.0-503.22.1.el9_5.x86_64.rpm23ae08882f640734700b1f9fbdec6451-ol9_x86_64_u5_baseos_patch
kernel-5.14.0-503.22.1.el9_5.x86_64.rpm3c2c52df8c2b6ac68ccf7a40f3044122-ol9_x86_64_baseos_latest
kernel-5.14.0-503.22.1.el9_5.x86_64.rpm3c2c52df8c2b6ac68ccf7a40f3044122-ol9_x86_64_u5_baseos_patch
kernel-abi-stablelists-5.14.0-503.22.1.el9_5.noarch.rpm8ccace519637865411399e4a4fce4824-ol9_x86_64_baseos_latest
kernel-abi-stablelists-5.14.0-503.22.1.el9_5.noarch.rpm8ccace519637865411399e4a4fce4824-ol9_x86_64_u5_baseos_patch
kernel-core-5.14.0-503.22.1.el9_5.x86_64.rpm8c41e423f8b4d8eb521dad7dc2adf4d6-ol9_x86_64_baseos_latest
kernel-core-5.14.0-503.22.1.el9_5.x86_64.rpm8c41e423f8b4d8eb521dad7dc2adf4d6-ol9_x86_64_u5_baseos_patch
kernel-cross-headers-5.14.0-503.22.1.el9_5.x86_64.rpmdd87b93dd0ed6d4b005c805cbc41c89b-ol9_x86_64_codeready_builder
kernel-debug-5.14.0-503.22.1.el9_5.x86_64.rpmfbc08824607d9c84b8a0e24426cec942-ol9_x86_64_baseos_latest
kernel-debug-5.14.0-503.22.1.el9_5.x86_64.rpmfbc08824607d9c84b8a0e24426cec942-ol9_x86_64_u5_baseos_patch
kernel-debug-core-5.14.0-503.22.1.el9_5.x86_64.rpm07c1698a40ec28655f2187020519fa7a-ol9_x86_64_baseos_latest
kernel-debug-core-5.14.0-503.22.1.el9_5.x86_64.rpm07c1698a40ec28655f2187020519fa7a-ol9_x86_64_u5_baseos_patch
kernel-debug-devel-5.14.0-503.22.1.el9_5.x86_64.rpm544c5fbfa5cb0dc12c471097a3173388-ol9_x86_64_appstream
kernel-debug-devel-matched-5.14.0-503.22.1.el9_5.x86_64.rpmc27e300d4dc748d7988580987f1fe5f1-ol9_x86_64_appstream
kernel-debug-modules-5.14.0-503.22.1.el9_5.x86_64.rpm2e754a849277417315f791afa83926f0-ol9_x86_64_baseos_latest
kernel-debug-modules-5.14.0-503.22.1.el9_5.x86_64.rpm2e754a849277417315f791afa83926f0-ol9_x86_64_u5_baseos_patch
kernel-debug-modules-core-5.14.0-503.22.1.el9_5.x86_64.rpma533c8c6486dd2fbb0c3f927a12f33cc-ol9_x86_64_baseos_latest
kernel-debug-modules-core-5.14.0-503.22.1.el9_5.x86_64.rpma533c8c6486dd2fbb0c3f927a12f33cc-ol9_x86_64_u5_baseos_patch
kernel-debug-modules-extra-5.14.0-503.22.1.el9_5.x86_64.rpme7ecdd25a48d773c90ef677a49b5f53b-ol9_x86_64_baseos_latest
kernel-debug-modules-extra-5.14.0-503.22.1.el9_5.x86_64.rpme7ecdd25a48d773c90ef677a49b5f53b-ol9_x86_64_u5_baseos_patch
kernel-debug-uki-virt-5.14.0-503.22.1.el9_5.x86_64.rpm6e5fc250f60bc1a0a4550feaaab3f7b9-ol9_x86_64_baseos_latest
kernel-debug-uki-virt-5.14.0-503.22.1.el9_5.x86_64.rpm6e5fc250f60bc1a0a4550feaaab3f7b9-ol9_x86_64_u5_baseos_patch
kernel-devel-5.14.0-503.22.1.el9_5.x86_64.rpm14d55ddad4cb9d88ebe41befe7d6b2a1-ol9_x86_64_appstream
kernel-devel-matched-5.14.0-503.22.1.el9_5.x86_64.rpm242953c014f257cbc75c7e92317f09b3-ol9_x86_64_appstream
kernel-doc-5.14.0-503.22.1.el9_5.noarch.rpm58319c002f92962bdd946d171303bba8-ol9_x86_64_appstream
kernel-headers-5.14.0-503.22.1.el9_5.x86_64.rpm15ebb5757a015e15d5210f6b71309695-ol9_x86_64_appstream
kernel-modules-5.14.0-503.22.1.el9_5.x86_64.rpm34543bfdd3b2cdbccf23ce7d727c5cbd-ol9_x86_64_baseos_latest
kernel-modules-5.14.0-503.22.1.el9_5.x86_64.rpm34543bfdd3b2cdbccf23ce7d727c5cbd-ol9_x86_64_u5_baseos_patch
kernel-modules-core-5.14.0-503.22.1.el9_5.x86_64.rpmc6b244a345baee7cca579272db13be6f-ol9_x86_64_baseos_latest
kernel-modules-core-5.14.0-503.22.1.el9_5.x86_64.rpmc6b244a345baee7cca579272db13be6f-ol9_x86_64_u5_baseos_patch
kernel-modules-extra-5.14.0-503.22.1.el9_5.x86_64.rpm2c8ffe134415affe4a3b5aab82e25ae7-ol9_x86_64_baseos_latest
kernel-modules-extra-5.14.0-503.22.1.el9_5.x86_64.rpm2c8ffe134415affe4a3b5aab82e25ae7-ol9_x86_64_u5_baseos_patch
kernel-tools-5.14.0-503.22.1.el9_5.x86_64.rpma28185d642fbb2fab2a4c0c14c8abb2a-ol9_x86_64_baseos_latest
kernel-tools-5.14.0-503.22.1.el9_5.x86_64.rpma28185d642fbb2fab2a4c0c14c8abb2a-ol9_x86_64_u5_baseos_patch
kernel-tools-libs-5.14.0-503.22.1.el9_5.x86_64.rpm136bba1843d998b3081a2c6ec992ba60-ol9_x86_64_baseos_latest
kernel-tools-libs-5.14.0-503.22.1.el9_5.x86_64.rpm136bba1843d998b3081a2c6ec992ba60-ol9_x86_64_u5_baseos_patch
kernel-tools-libs-devel-5.14.0-503.22.1.el9_5.x86_64.rpm8600b5bd03f1b9761cbbd3551bb295e7-ol9_x86_64_codeready_builder
kernel-uki-virt-5.14.0-503.22.1.el9_5.x86_64.rpm91649e58e6ba587bea591f76a483d50d-ol9_x86_64_baseos_latest
kernel-uki-virt-5.14.0-503.22.1.el9_5.x86_64.rpm91649e58e6ba587bea591f76a483d50d-ol9_x86_64_u5_baseos_patch
kernel-uki-virt-addons-5.14.0-503.22.1.el9_5.x86_64.rpm33f5369f2bfefdc581f3dc9cabe2a39e-ol9_x86_64_baseos_latest
kernel-uki-virt-addons-5.14.0-503.22.1.el9_5.x86_64.rpm33f5369f2bfefdc581f3dc9cabe2a39e-ol9_x86_64_u5_baseos_patch
libperf-5.14.0-503.22.1.el9_5.x86_64.rpmff2078196a056ea203d6715087ef0167-ol9_x86_64_codeready_builder
perf-5.14.0-503.22.1.el9_5.x86_64.rpmdad1acd3c2d264d65d4edb5b0adcda88-ol9_x86_64_appstream
python3-perf-5.14.0-503.22.1.el9_5.x86_64.rpm638ef55f3371962b58b2828e52a52efd-ol9_x86_64_baseos_latest
python3-perf-5.14.0-503.22.1.el9_5.x86_64.rpm638ef55f3371962b58b2828e52a52efd-ol9_x86_64_u5_baseos_patch
rtla-5.14.0-503.22.1.el9_5.x86_64.rpme771064f93ea56b8f6e0a0c77227803d-ol9_x86_64_appstream
rv-5.14.0-503.22.1.el9_5.x86_64.rpm8f8c6b95ae2e3cb174c4f9deab4cfbb3-ol9_x86_64_appstream


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete