ELSA-2025-0578

ULN >
Oracle Linux Errata repository >
ELSA-2025-0578

ELSA-2025-0578 - kernel security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2025-01-22

Description

- [5.14.0-503.22.1_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-503.22.1_5]
- [s390] zcore: WRITE is 'data source', not destination... (CKI Backport Bot) [RHEL-63078]
- arm64/sve: Discard stale CPU state when handling SVE traps (Mark Salter) [RHEL-72218] {CVE-2024-50275}
- bpf: Use raw_spinlock_t in ringbuf (Luis Claudio R. Goncalves) [RHEL-68992 RHEL-20608]
- rh_messages.h: un-unmaintain hfi1 (CKI Backport Bot) [RHEL-71322]
- scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (Dick Kennedy) [RHEL-66055 RHEL-53595]
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (Dick Kennedy) [RHEL-66055 RHEL-53595]
- ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Use single token list for the copiers (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Use correct queue_id for requesting input pin format (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Adjust the params based on DAI formats (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Improve readability of sof_ipc4_prepare_dai_copier() (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology/pcm: Rename sof_ipc4_copier_is_single_format() (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Print out the channel count in sof_ipc4_dbg_audio_format (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: support tdm slot number query (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc3-topology: support tdm slot number query (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: sof-audio: add sof_dai_get_tdm_slots function (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: sof-audio: rename dai clock setting query function (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Add support for NHLT with 16-bit only DMIC blob (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Correct DAI copier config and NHLT blob request (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: Allow selective update in sof_ipc4_update_hw_params (Jaroslav Kysela) [RHEL-62030]
- ASoC: SOF: ipc4-topology: remove shadowed variable (Jaroslav Kysela) [RHEL-62030]
- Revert 'ixgbe: Manual AN-37 for troublesome link partners for X550 SFI' (Ivan Vecera) [RHEL-65624]
- KVM: SVM: Propagate error from snp_guest_req_init() to userspace (Bandan Das) [RHEL-68361 RHEL-65840]
- KVM: SEV: Provide support for SNP_EXTENDED_GUEST_REQUEST NAE event (Bandan Das) [RHEL-68361 RHEL-65840]
- x86/sev: Move sev_guest.h into common SEV header (Bandan Das) [RHEL-68361 RHEL-65840]
- KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event (Bandan Das) [RHEL-68361 RHEL-65840]
- i40e: fix race condition by adding filter's intermediate sync state (CKI Backport Bot) [RHEL-69809] {CVE-2024-53088}
- ice: fix truesize operations for PAGE_SIZE >= 8192 (CKI Backport Bot) [RHEL-70660 RHEL-37905]
- ice: fix ICE_LAST_OFFSET formula (CKI Backport Bot) [RHEL-70660 RHEL-37905]
- ice: fix page reuse when PAGE_SIZE is over 8k (CKI Backport Bot) [RHEL-70660 RHEL-37905]
- nvme-fabrics: handle zero MAXCMD without closing the connection (Maurizio Lombardi) [RHEL-72970]
- selftests: netfilter: add test case for recent mismatch bug (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nf_tables: unconditionally flush pending work before notifier (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nft_set_pipapo_avx2: disable softinterrupts (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nf_set_pipapo: fix initial map fill (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nf_tables: store new sets in dedicated list (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level() (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nft_socket: make cgroupsv2 matching work with namespaces (Florian Westphal) [RHEL-71357 RHEL-60554]
- netfilter: nft_socket: fix sk refcount leaks (Florian Westphal) [RHEL-71357 RHEL-60554]
- tcp: Fix use-after-free of nreq in reqsk_timer_handler(). (Guillaume Nault) [RHEL-70541 RHEL-70449]
- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). (Guillaume Nault) [RHEL-66329 RHEL-66328] {CVE-2024-50154}
- rcu: Use system_unbound_wq to avoid disturbing isolated CPUs (Waiman Long) [RHEL-61329 RHEL-50220]
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (Cathy Avery) [RHEL-71393 RHEL-9848]
- scsi: storvsc: Handle additional SRB status values (Cathy Avery) [RHEL-71393 RHEL-9848]

Related CVEs

CVE-2024-50154

CVE-2024-50275

CVE-2024-53088

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	kernel-5.14.0-503.22.1.el9_5.src.rpm	494987e3b15bb7e9710e07f964e9b2e0	-	ol9_aarch64_appstream
	kernel-5.14.0-503.22.1.el9_5.src.rpm	494987e3b15bb7e9710e07f964e9b2e0	-	ol9_aarch64_baseos_latest
	kernel-5.14.0-503.22.1.el9_5.src.rpm	494987e3b15bb7e9710e07f964e9b2e0	-	ol9_aarch64_codeready_builder
	kernel-5.14.0-503.22.1.el9_5.src.rpm	494987e3b15bb7e9710e07f964e9b2e0	-	ol9_aarch64_u5_baseos_patch
	bpftool-7.4.0-503.22.1.el9_5.aarch64.rpm	f1309f1c4acea0f18a72b2ab34558f2e	-	ol9_aarch64_baseos_latest
	bpftool-7.4.0-503.22.1.el9_5.aarch64.rpm	f1309f1c4acea0f18a72b2ab34558f2e	-	ol9_aarch64_u5_baseos_patch
	kernel-cross-headers-5.14.0-503.22.1.el9_5.aarch64.rpm	e10a4b1e2b40f4f582670611f2d48eb9	-	ol9_aarch64_codeready_builder
	kernel-headers-5.14.0-503.22.1.el9_5.aarch64.rpm	03838ec8d4ad072fdee7b2eb421f1bc0	-	ol9_aarch64_appstream
	kernel-tools-5.14.0-503.22.1.el9_5.aarch64.rpm	90926de281a016371af9d3ac11280cfc	-	ol9_aarch64_baseos_latest
	kernel-tools-5.14.0-503.22.1.el9_5.aarch64.rpm	90926de281a016371af9d3ac11280cfc	-	ol9_aarch64_u5_baseos_patch
	kernel-tools-libs-5.14.0-503.22.1.el9_5.aarch64.rpm	0722d3a68e9e79e89d6dabae62e2048a	-	ol9_aarch64_baseos_latest
	kernel-tools-libs-5.14.0-503.22.1.el9_5.aarch64.rpm	0722d3a68e9e79e89d6dabae62e2048a	-	ol9_aarch64_u5_baseos_patch
	kernel-tools-libs-devel-5.14.0-503.22.1.el9_5.aarch64.rpm	8dcbd32294735cf389e794f2772a7acd	-	ol9_aarch64_codeready_builder
	perf-5.14.0-503.22.1.el9_5.aarch64.rpm	c3c9e0fe8c7ec0a869f8d19502271114	-	ol9_aarch64_appstream
	python3-perf-5.14.0-503.22.1.el9_5.aarch64.rpm	24ec5104b79d649fb116ac04a3e734a4	-	ol9_aarch64_baseos_latest
	python3-perf-5.14.0-503.22.1.el9_5.aarch64.rpm	24ec5104b79d649fb116ac04a3e734a4	-	ol9_aarch64_u5_baseos_patch
	rtla-5.14.0-503.22.1.el9_5.aarch64.rpm	af6fd6dfa1a268137e838a9335244437	-	ol9_aarch64_appstream
	rv-5.14.0-503.22.1.el9_5.aarch64.rpm	171eb93a67db0cff83bc3c3de79d0f8e	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	kernel-5.14.0-503.22.1.el9_5.src.rpm	494987e3b15bb7e9710e07f964e9b2e0	-	ol9_x86_64_appstream
	kernel-5.14.0-503.22.1.el9_5.src.rpm	494987e3b15bb7e9710e07f964e9b2e0	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-503.22.1.el9_5.src.rpm	494987e3b15bb7e9710e07f964e9b2e0	-	ol9_x86_64_codeready_builder
	kernel-5.14.0-503.22.1.el9_5.src.rpm	494987e3b15bb7e9710e07f964e9b2e0	-	ol9_x86_64_u5_baseos_patch
	bpftool-7.4.0-503.22.1.el9_5.x86_64.rpm	23ae08882f640734700b1f9fbdec6451	-	ol9_x86_64_baseos_latest
	bpftool-7.4.0-503.22.1.el9_5.x86_64.rpm	23ae08882f640734700b1f9fbdec6451	-	ol9_x86_64_u5_baseos_patch
	kernel-5.14.0-503.22.1.el9_5.x86_64.rpm	3c2c52df8c2b6ac68ccf7a40f3044122	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-503.22.1.el9_5.x86_64.rpm	3c2c52df8c2b6ac68ccf7a40f3044122	-	ol9_x86_64_u5_baseos_patch
	kernel-abi-stablelists-5.14.0-503.22.1.el9_5.noarch.rpm	8ccace519637865411399e4a4fce4824	-	ol9_x86_64_baseos_latest
	kernel-abi-stablelists-5.14.0-503.22.1.el9_5.noarch.rpm	8ccace519637865411399e4a4fce4824	-	ol9_x86_64_u5_baseos_patch
	kernel-core-5.14.0-503.22.1.el9_5.x86_64.rpm	8c41e423f8b4d8eb521dad7dc2adf4d6	-	ol9_x86_64_baseos_latest
	kernel-core-5.14.0-503.22.1.el9_5.x86_64.rpm	8c41e423f8b4d8eb521dad7dc2adf4d6	-	ol9_x86_64_u5_baseos_patch
	kernel-cross-headers-5.14.0-503.22.1.el9_5.x86_64.rpm	dd87b93dd0ed6d4b005c805cbc41c89b	-	ol9_x86_64_codeready_builder
	kernel-debug-5.14.0-503.22.1.el9_5.x86_64.rpm	fbc08824607d9c84b8a0e24426cec942	-	ol9_x86_64_baseos_latest
	kernel-debug-5.14.0-503.22.1.el9_5.x86_64.rpm	fbc08824607d9c84b8a0e24426cec942	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-core-5.14.0-503.22.1.el9_5.x86_64.rpm	07c1698a40ec28655f2187020519fa7a	-	ol9_x86_64_baseos_latest
	kernel-debug-core-5.14.0-503.22.1.el9_5.x86_64.rpm	07c1698a40ec28655f2187020519fa7a	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-devel-5.14.0-503.22.1.el9_5.x86_64.rpm	544c5fbfa5cb0dc12c471097a3173388	-	ol9_x86_64_appstream
	kernel-debug-devel-matched-5.14.0-503.22.1.el9_5.x86_64.rpm	c27e300d4dc748d7988580987f1fe5f1	-	ol9_x86_64_appstream
	kernel-debug-modules-5.14.0-503.22.1.el9_5.x86_64.rpm	2e754a849277417315f791afa83926f0	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-5.14.0-503.22.1.el9_5.x86_64.rpm	2e754a849277417315f791afa83926f0	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-modules-core-5.14.0-503.22.1.el9_5.x86_64.rpm	a533c8c6486dd2fbb0c3f927a12f33cc	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-core-5.14.0-503.22.1.el9_5.x86_64.rpm	a533c8c6486dd2fbb0c3f927a12f33cc	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-modules-extra-5.14.0-503.22.1.el9_5.x86_64.rpm	e7ecdd25a48d773c90ef677a49b5f53b	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-extra-5.14.0-503.22.1.el9_5.x86_64.rpm	e7ecdd25a48d773c90ef677a49b5f53b	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-uki-virt-5.14.0-503.22.1.el9_5.x86_64.rpm	6e5fc250f60bc1a0a4550feaaab3f7b9	-	ol9_x86_64_baseos_latest
	kernel-debug-uki-virt-5.14.0-503.22.1.el9_5.x86_64.rpm	6e5fc250f60bc1a0a4550feaaab3f7b9	-	ol9_x86_64_u5_baseos_patch
	kernel-devel-5.14.0-503.22.1.el9_5.x86_64.rpm	14d55ddad4cb9d88ebe41befe7d6b2a1	-	ol9_x86_64_appstream
	kernel-devel-matched-5.14.0-503.22.1.el9_5.x86_64.rpm	242953c014f257cbc75c7e92317f09b3	-	ol9_x86_64_appstream
	kernel-doc-5.14.0-503.22.1.el9_5.noarch.rpm	58319c002f92962bdd946d171303bba8	-	ol9_x86_64_appstream
	kernel-headers-5.14.0-503.22.1.el9_5.x86_64.rpm	15ebb5757a015e15d5210f6b71309695	-	ol9_x86_64_appstream
	kernel-modules-5.14.0-503.22.1.el9_5.x86_64.rpm	34543bfdd3b2cdbccf23ce7d727c5cbd	-	ol9_x86_64_baseos_latest
	kernel-modules-5.14.0-503.22.1.el9_5.x86_64.rpm	34543bfdd3b2cdbccf23ce7d727c5cbd	-	ol9_x86_64_u5_baseos_patch
	kernel-modules-core-5.14.0-503.22.1.el9_5.x86_64.rpm	c6b244a345baee7cca579272db13be6f	-	ol9_x86_64_baseos_latest
	kernel-modules-core-5.14.0-503.22.1.el9_5.x86_64.rpm	c6b244a345baee7cca579272db13be6f	-	ol9_x86_64_u5_baseos_patch
	kernel-modules-extra-5.14.0-503.22.1.el9_5.x86_64.rpm	2c8ffe134415affe4a3b5aab82e25ae7	-	ol9_x86_64_baseos_latest
	kernel-modules-extra-5.14.0-503.22.1.el9_5.x86_64.rpm	2c8ffe134415affe4a3b5aab82e25ae7	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-5.14.0-503.22.1.el9_5.x86_64.rpm	a28185d642fbb2fab2a4c0c14c8abb2a	-	ol9_x86_64_baseos_latest
	kernel-tools-5.14.0-503.22.1.el9_5.x86_64.rpm	a28185d642fbb2fab2a4c0c14c8abb2a	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-libs-5.14.0-503.22.1.el9_5.x86_64.rpm	136bba1843d998b3081a2c6ec992ba60	-	ol9_x86_64_baseos_latest
	kernel-tools-libs-5.14.0-503.22.1.el9_5.x86_64.rpm	136bba1843d998b3081a2c6ec992ba60	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-libs-devel-5.14.0-503.22.1.el9_5.x86_64.rpm	8600b5bd03f1b9761cbbd3551bb295e7	-	ol9_x86_64_codeready_builder
	kernel-uki-virt-5.14.0-503.22.1.el9_5.x86_64.rpm	91649e58e6ba587bea591f76a483d50d	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-5.14.0-503.22.1.el9_5.x86_64.rpm	91649e58e6ba587bea591f76a483d50d	-	ol9_x86_64_u5_baseos_patch
	kernel-uki-virt-addons-5.14.0-503.22.1.el9_5.x86_64.rpm	33f5369f2bfefdc581f3dc9cabe2a39e	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-addons-5.14.0-503.22.1.el9_5.x86_64.rpm	33f5369f2bfefdc581f3dc9cabe2a39e	-	ol9_x86_64_u5_baseos_patch
	libperf-5.14.0-503.22.1.el9_5.x86_64.rpm	ff2078196a056ea203d6715087ef0167	-	ol9_x86_64_codeready_builder
	perf-5.14.0-503.22.1.el9_5.x86_64.rpm	dad1acd3c2d264d65d4edb5b0adcda88	-	ol9_x86_64_appstream
	python3-perf-5.14.0-503.22.1.el9_5.x86_64.rpm	638ef55f3371962b58b2828e52a52efd	-	ol9_x86_64_baseos_latest
	python3-perf-5.14.0-503.22.1.el9_5.x86_64.rpm	638ef55f3371962b58b2828e52a52efd	-	ol9_x86_64_u5_baseos_patch
	rtla-5.14.0-503.22.1.el9_5.x86_64.rpm	e771064f93ea56b8f6e0a0c77227803d	-	ol9_x86_64_appstream
	rv-5.14.0-503.22.1.el9_5.x86_64.rpm	8f8c6b95ae2e3cb174c4f9deab4cfbb3	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

Oracle customers - enter a support request
Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691