ELSA-2025-0578

ELSA-2025-0578 - kernel security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2025-01-22

Description

- [5.14.0-503.22.1_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-503.22.1_5]
- [s390] zcore: WRITE is 'data source', not destination... (CKI Backport Bot) [RHEL-63078]
- arm64/sve: Discard stale CPU state when handling SVE traps (Mark Salter) [RHEL-72218] {CVE-2024-50275}
- bpf: Use raw_spinlock_t in ringbuf (Luis Claudio R. Goncalves) [RHEL-68992 RHEL-20608]
- rh_messages.h: un-unmaintain hfi1 (CKI Backport Bot) [RHEL-71322]
- scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (Dick Kennedy) [RHEL-66055 RHEL-53595]
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (Dick Kennedy) [RHEL-66055 RHEL-53595]
- ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Use single token list for the copiers (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Use correct queue_id for requesting input pin format (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Adjust the params based on DAI formats (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Improve readability of sof_ipc4_prepare_dai_copier() (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology/pcm: Rename sof_ipc4_copier_is_single_format() (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Print out the channel count in sof_ipc4_dbg_audio_format (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: support tdm slot number query (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc3-topology: support tdm slot number query (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: sof-audio: add sof_dai_get_tdm_slots function (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: sof-audio: rename dai clock setting query function (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Add support for NHLT with 16-bit only DMIC blob (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Correct DAI copier config and NHLT blob request (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Allow selective update in sof_ipc4_update_hw_params (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: remove shadowed variable (Jaroslav Kysela) [RHEL-62030]
- Revert 'ixgbe: Manual AN-37 for troublesome link partners for X550 SFI' (Ivan Vecera) [RHEL-65624]
- KVM: SVM: Propagate error from snp_guest_req_init() to userspace (Bandan Das) [RHEL-68361 RHEL-65840]
- KVM: SEV: Provide support for SNP_EXTENDED_GUEST_REQUEST NAE event (Bandan Das) [RHEL-68361 RHEL-65840]
- x86/sev: Move sev_guest.h into common SEV header (Bandan Das) [RHEL-68361 RHEL-65840]
- KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event (Bandan Das) [RHEL-68361 RHEL-65840]
- i40e: fix race condition by adding filter's intermediate sync state (CKI Backport Bot) [RHEL-69809] {CVE-2024-53088}
- ice: fix truesize operations for PAGE_SIZE >= 8192 (CKI Backport Bot) [RHEL-70660 RHEL-37905]
- ice: fix ICE_LAST_OFFSET formula (CKI Backport Bot) [RHEL-70660 RHEL-37905]
- ice: fix page reuse when PAGE_SIZE is over 8k (CKI Backport Bot) [RHEL-70660 RHEL-37905]
- nvme-fabrics: handle zero MAXCMD without closing the connection (Maurizio Lombardi) [RHEL-72970]
- selftests: netfilter: add test case for recent mismatch bug (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nf_tables: unconditionally flush pending work before notifier (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nft_set_pipapo_avx2: disable softinterrupts (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nf_set_pipapo: fix initial map fill (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nf_tables: store new sets in dedicated list (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level() (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nft_socket: make cgroupsv2 matching work with namespaces (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nft_socket: fix sk refcount leaks (Florian Westphal) [RHEL-71357 RHEL-60554]
- tcp: Fix use-after-free of nreq in reqsk_timer_handler(). (Guillaume Nault) [RHEL-70541 RHEL-70449]
- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). (Guillaume Nault) [RHEL-66329 RHEL-66328] {CVE-2024-50154}
- rcu: Use system_unbound_wq to avoid disturbing isolated CPUs (Waiman Long) [RHEL-61329 RHEL-50220]
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (Cathy Avery) [RHEL-71393 RHEL-9848]
- scsi: storvsc: Handle additional SRB status values (Cathy Avery) [RHEL-71393 RHEL-9848]

Related CVEs

CVE-2024-50154

CVE-2024-50275

CVE-2024-53088

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 9 (aarch64)	kernel-5.14.0-503.22.1.el9_5.src.rpm	1a59f61a331c9aeae729b4d064aa162e927a34a541ee9136fe29c6d912b3d120	-	ol9_aarch64_appstream
	kernel-5.14.0-503.22.1.el9_5.src.rpm	1a59f61a331c9aeae729b4d064aa162e927a34a541ee9136fe29c6d912b3d120	-	ol9_aarch64_baseos_latest
	kernel-5.14.0-503.22.1.el9_5.src.rpm	1a59f61a331c9aeae729b4d064aa162e927a34a541ee9136fe29c6d912b3d120	-	ol9_aarch64_codeready_builder
	kernel-5.14.0-503.22.1.el9_5.src.rpm	1a59f61a331c9aeae729b4d064aa162e927a34a541ee9136fe29c6d912b3d120	-	ol9_aarch64_u5_baseos_patch
	bpftool-7.4.0-503.22.1.el9_5.aarch64.rpm	ecc44eab9f07ed87006d865e87d01e04b2646e5958dd4af35c6a341151532e98	-	ol9_aarch64_baseos_latest
	bpftool-7.4.0-503.22.1.el9_5.aarch64.rpm	ecc44eab9f07ed87006d865e87d01e04b2646e5958dd4af35c6a341151532e98	-	ol9_aarch64_u5_baseos_patch
	kernel-cross-headers-5.14.0-503.22.1.el9_5.aarch64.rpm	ce8003a01f67dbf3712e2e1995048eeb50c8e242fcfd8ec7ebf8e5f6144e5df0	-	ol9_aarch64_codeready_builder
	kernel-headers-5.14.0-503.22.1.el9_5.aarch64.rpm	fbb02e6f90b04d8aed463450ac24626cc3b27139a3671ebc7de1aa0158d71b10	-	ol9_aarch64_appstream
	kernel-tools-5.14.0-503.22.1.el9_5.aarch64.rpm	06b20caac70bceacd785a785af396c50349c9fce9f9a1be8fc71aba25a399960	-	ol9_aarch64_baseos_latest
	kernel-tools-5.14.0-503.22.1.el9_5.aarch64.rpm	06b20caac70bceacd785a785af396c50349c9fce9f9a1be8fc71aba25a399960	-	ol9_aarch64_u5_baseos_patch
	kernel-tools-libs-5.14.0-503.22.1.el9_5.aarch64.rpm	b6b420a19defb42c51d75924c56a11be637a053dd10cdfe12662ddcae494a36c	-	ol9_aarch64_baseos_latest
	kernel-tools-libs-5.14.0-503.22.1.el9_5.aarch64.rpm	b6b420a19defb42c51d75924c56a11be637a053dd10cdfe12662ddcae494a36c	-	ol9_aarch64_u5_baseos_patch
	kernel-tools-libs-devel-5.14.0-503.22.1.el9_5.aarch64.rpm	0a7acbca0e3e66a91cf0c05113089fd52524c614cf9a0e2babb2514166685175	-	ol9_aarch64_codeready_builder
	perf-5.14.0-503.22.1.el9_5.aarch64.rpm	e74b47d958032a672841037b8821535b22bbf2a2ed947612984e5967295bcc04	-	ol9_aarch64_appstream
	python3-perf-5.14.0-503.22.1.el9_5.aarch64.rpm	ff8a48e47c4357188937073ee5e99c93c5702264d137fe39257237b7ed5ea14e	-	ol9_aarch64_baseos_latest
	python3-perf-5.14.0-503.22.1.el9_5.aarch64.rpm	ff8a48e47c4357188937073ee5e99c93c5702264d137fe39257237b7ed5ea14e	-	ol9_aarch64_u5_baseos_patch
	rtla-5.14.0-503.22.1.el9_5.aarch64.rpm	e3568fe78980bdb37d70e545916748733b9e0845d6612bd3aa21c8538b91775b	-	ol9_aarch64_appstream
	rv-5.14.0-503.22.1.el9_5.aarch64.rpm	b7fc9723a927322a0ff9021e8294b83a73d97386ff9c0ac0612f80732eb9b140	-	ol9_aarch64_appstream
Oracle Linux 9 (x86_64)	kernel-5.14.0-503.22.1.el9_5.src.rpm	1a59f61a331c9aeae729b4d064aa162e927a34a541ee9136fe29c6d912b3d120	-	ol9_x86_64_appstream
	kernel-5.14.0-503.22.1.el9_5.src.rpm	1a59f61a331c9aeae729b4d064aa162e927a34a541ee9136fe29c6d912b3d120	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-503.22.1.el9_5.src.rpm	1a59f61a331c9aeae729b4d064aa162e927a34a541ee9136fe29c6d912b3d120	-	ol9_x86_64_codeready_builder
	kernel-5.14.0-503.22.1.el9_5.src.rpm	1a59f61a331c9aeae729b4d064aa162e927a34a541ee9136fe29c6d912b3d120	-	ol9_x86_64_u5_baseos_patch
	bpftool-7.4.0-503.22.1.el9_5.x86_64.rpm	57e9cb3d9c5ac71f7e310e72862677a59686d950f436358646719c2068c72175	-	ol9_x86_64_baseos_latest
	bpftool-7.4.0-503.22.1.el9_5.x86_64.rpm	57e9cb3d9c5ac71f7e310e72862677a59686d950f436358646719c2068c72175	-	ol9_x86_64_u5_baseos_patch
	kernel-5.14.0-503.22.1.el9_5.x86_64.rpm	17123c6f7b10a9a257f131b0a6a7b2089230783ab281897ac705fd350fd0d7dc	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-503.22.1.el9_5.x86_64.rpm	17123c6f7b10a9a257f131b0a6a7b2089230783ab281897ac705fd350fd0d7dc	-	ol9_x86_64_u5_baseos_patch
	kernel-abi-stablelists-5.14.0-503.22.1.el9_5.noarch.rpm	3db823bcbd3d0a76770549a45f7ec884ef79a52894b7a9c50693de599dcbbbcf	-	ol9_x86_64_baseos_latest
	kernel-abi-stablelists-5.14.0-503.22.1.el9_5.noarch.rpm	3db823bcbd3d0a76770549a45f7ec884ef79a52894b7a9c50693de599dcbbbcf	-	ol9_x86_64_u5_baseos_patch
	kernel-core-5.14.0-503.22.1.el9_5.x86_64.rpm	96c85a9742b1b3a81f313a971c87251b757a7739f8d0724de90808f9cf457d21	-	ol9_x86_64_baseos_latest
	kernel-core-5.14.0-503.22.1.el9_5.x86_64.rpm	96c85a9742b1b3a81f313a971c87251b757a7739f8d0724de90808f9cf457d21	-	ol9_x86_64_u5_baseos_patch
	kernel-cross-headers-5.14.0-503.22.1.el9_5.x86_64.rpm	54d5f924cdce43a524bc746d630eb315ee6d9b240008d25fceb4a209f65b14f4	-	ol9_x86_64_codeready_builder
	kernel-debug-5.14.0-503.22.1.el9_5.x86_64.rpm	b9e056827e3ef0e7080f3df3b8cf3c3caebcd8d9245915d9e813532cec9ade0c	-	ol9_x86_64_baseos_latest
	kernel-debug-5.14.0-503.22.1.el9_5.x86_64.rpm	b9e056827e3ef0e7080f3df3b8cf3c3caebcd8d9245915d9e813532cec9ade0c	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-core-5.14.0-503.22.1.el9_5.x86_64.rpm	a344aa8217d3fe79ee615ad6b9251a3be1da7c332e7fd456d7f0bf450a6f0438	-	ol9_x86_64_baseos_latest
	kernel-debug-core-5.14.0-503.22.1.el9_5.x86_64.rpm	a344aa8217d3fe79ee615ad6b9251a3be1da7c332e7fd456d7f0bf450a6f0438	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-devel-5.14.0-503.22.1.el9_5.x86_64.rpm	cb1fde47df90bb340560c7697700da9070feaffdc0c852474792ea804ebb7c6c	-	ol9_x86_64_appstream
	kernel-debug-devel-matched-5.14.0-503.22.1.el9_5.x86_64.rpm	ab293fa7feb96d3b6e6f39c9ead4c02570d8501f2324b472ebd1511825ae0692	-	ol9_x86_64_appstream
	kernel-debug-modules-5.14.0-503.22.1.el9_5.x86_64.rpm	504878cd79829e4bcc4dbff2fac52c3508a943f9cf194db445b4ed0e7c19ee09	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-5.14.0-503.22.1.el9_5.x86_64.rpm	504878cd79829e4bcc4dbff2fac52c3508a943f9cf194db445b4ed0e7c19ee09	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-modules-core-5.14.0-503.22.1.el9_5.x86_64.rpm	9a94e300022d9836c2b809bb51e0aead0868347c8e81c2ca28cd8079880f4b96	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-core-5.14.0-503.22.1.el9_5.x86_64.rpm	9a94e300022d9836c2b809bb51e0aead0868347c8e81c2ca28cd8079880f4b96	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-modules-extra-5.14.0-503.22.1.el9_5.x86_64.rpm	24a2c2cbf86c273559bd011121832405fa9b66951e33c4bca269c6f76af9fa5e	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-extra-5.14.0-503.22.1.el9_5.x86_64.rpm	24a2c2cbf86c273559bd011121832405fa9b66951e33c4bca269c6f76af9fa5e	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-uki-virt-5.14.0-503.22.1.el9_5.x86_64.rpm	337c7e7a996f38693c2fcf2b87659dd249d5c31928b9463c22885cd4f85ed71d	-	ol9_x86_64_baseos_latest
	kernel-debug-uki-virt-5.14.0-503.22.1.el9_5.x86_64.rpm	337c7e7a996f38693c2fcf2b87659dd249d5c31928b9463c22885cd4f85ed71d	-	ol9_x86_64_u5_baseos_patch
	kernel-devel-5.14.0-503.22.1.el9_5.x86_64.rpm	94a24c99a811421d8cca68a872bc7f5513fb54f6a4542c3ea715ce96246bad9e	-	ol9_x86_64_appstream
	kernel-devel-matched-5.14.0-503.22.1.el9_5.x86_64.rpm	b2bdeab0dcaa69dd1badc15efe3c56c3372abe032df5c9ff6e00d2afb39029f2	-	ol9_x86_64_appstream
	kernel-doc-5.14.0-503.22.1.el9_5.noarch.rpm	e902e987c8eb99f3533c8be649385d56e6d5665650f786acd71249618029c6e1	-	ol9_x86_64_appstream
	kernel-headers-5.14.0-503.22.1.el9_5.x86_64.rpm	804323c9ff205d02f43a8e170e670441b8b255c4b79e90375fb91eedf6932502	-	ol9_x86_64_appstream
	kernel-modules-5.14.0-503.22.1.el9_5.x86_64.rpm	cc8087998d12742b71ba63ef89a78c70339618252e989939f3154702d8e7fb90	-	ol9_x86_64_baseos_latest
	kernel-modules-5.14.0-503.22.1.el9_5.x86_64.rpm	cc8087998d12742b71ba63ef89a78c70339618252e989939f3154702d8e7fb90	-	ol9_x86_64_u5_baseos_patch
	kernel-modules-core-5.14.0-503.22.1.el9_5.x86_64.rpm	35ae0bbe8b4fd66791d9b31cbcf90494810a39d2a1f6d00f641a1c90959c53d1	-	ol9_x86_64_baseos_latest
	kernel-modules-core-5.14.0-503.22.1.el9_5.x86_64.rpm	35ae0bbe8b4fd66791d9b31cbcf90494810a39d2a1f6d00f641a1c90959c53d1	-	ol9_x86_64_u5_baseos_patch
	kernel-modules-extra-5.14.0-503.22.1.el9_5.x86_64.rpm	68ac916758f5799d7d40cbd3b001c6394454f75e459703162178bbba92bf0a0e	-	ol9_x86_64_baseos_latest
	kernel-modules-extra-5.14.0-503.22.1.el9_5.x86_64.rpm	68ac916758f5799d7d40cbd3b001c6394454f75e459703162178bbba92bf0a0e	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-5.14.0-503.22.1.el9_5.x86_64.rpm	d7192d2d8d687e5470cefe905772677dbf1bfa265a385398c19d229b8054fb25	-	ol9_x86_64_baseos_latest
	kernel-tools-5.14.0-503.22.1.el9_5.x86_64.rpm	d7192d2d8d687e5470cefe905772677dbf1bfa265a385398c19d229b8054fb25	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-libs-5.14.0-503.22.1.el9_5.x86_64.rpm	e1b80ed2b9434bab670953bd0c3ff31a8d326fb225f337a6e36140d7893320a7	-	ol9_x86_64_baseos_latest
	kernel-tools-libs-5.14.0-503.22.1.el9_5.x86_64.rpm	e1b80ed2b9434bab670953bd0c3ff31a8d326fb225f337a6e36140d7893320a7	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-libs-devel-5.14.0-503.22.1.el9_5.x86_64.rpm	eeb8cbc8e1dd1a47782406d9d2f383af2321f7bb4b923b9e35e6be5523c7dec9	-	ol9_x86_64_codeready_builder
	kernel-uki-virt-5.14.0-503.22.1.el9_5.x86_64.rpm	0f1d1ec910d2a13dce8a7b3c22007cf31b3e8abf6f46b0e1dd10d69b2a2fe7ad	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-5.14.0-503.22.1.el9_5.x86_64.rpm	0f1d1ec910d2a13dce8a7b3c22007cf31b3e8abf6f46b0e1dd10d69b2a2fe7ad	-	ol9_x86_64_u5_baseos_patch
	kernel-uki-virt-addons-5.14.0-503.22.1.el9_5.x86_64.rpm	546fcf3c4c4667347e953b1bd2c4531b0b52de94220666bb7fdd765a1a4e21ca	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-addons-5.14.0-503.22.1.el9_5.x86_64.rpm	546fcf3c4c4667347e953b1bd2c4531b0b52de94220666bb7fdd765a1a4e21ca	-	ol9_x86_64_u5_baseos_patch
	libperf-5.14.0-503.22.1.el9_5.x86_64.rpm	8c439f5c2a410818f212f4f581af9d9d959171d8e497e0ceb4d67783695f6a29	-	ol9_x86_64_codeready_builder
	perf-5.14.0-503.22.1.el9_5.x86_64.rpm	8838176b2af2b40c5af81e62945f279b703996debe91c9ec3db72299d7022b93	-	ol9_x86_64_appstream
	python3-perf-5.14.0-503.22.1.el9_5.x86_64.rpm	d07c4d146d424c6eb4ca284e89533e65bea11f0f1f11d2bcfb44816062b0d931	-	ol9_x86_64_baseos_latest
	python3-perf-5.14.0-503.22.1.el9_5.x86_64.rpm	d07c4d146d424c6eb4ca284e89533e65bea11f0f1f11d2bcfb44816062b0d931	-	ol9_x86_64_u5_baseos_patch
	rtla-5.14.0-503.22.1.el9_5.x86_64.rpm	608bdabbab7eb2760e6f8d0fdd2b52b1e419c0e0cca1bd0063f8ab4c3b0171e9	-	ol9_x86_64_appstream
	rv-5.14.0-503.22.1.el9_5.x86_64.rpm	bfe69b4ea89b1dcbfd3ada791754a6972882e3d6694dd02f6ebf7f53dfa85846	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team